PCI-DSS (Payment Card Industry Data Security Standard) is a set of data security standards designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The standards aim to protect cardholder data, reduce credit card fraud and ensure the security of payment transactions.
PCI-DSS Controls
Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Protect all systems against malware and regularly update antivirus software or programs
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel