PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization that stores, processes, or transmits payment card data. Its purpose is the consistent, comprehensive adoption of data security controls by everyone who handles that data. Web businesses that accept card payments must meet its requirements, which include measures such as hosting the data with a PCI DSS-compliant provider. The standard is maintained by the PCI Security Standards Council (PCI SSC), a body founded by the major card brands (Visa, Mastercard, Discover, American Express, and JCB); PCI DSS is the standard the council publishes, not the organization itself.
The main goal of PCI DSS compliance is to reduce the opportunities for attack on card data. This means keeping a secure Cardholder Data Environment (CDE), the people, processes, and systems that store, process, or transmit cardholder data, whether that environment is run in-house or outsourced to a third-party payment provider. Outsourcing shrinks the scope of the assessment but does not remove the merchant's responsibility for compliance. This matters especially for e-commerce sites, where every card payment travels over the internet.
PCI DSS sets out 12 requirements, grouped into six control objectives: build and maintain a secure network and systems (1-2); protect cardholder data (3-4); maintain a vulnerability management program (5-6); implement strong access control measures (7-9); regularly monitor and test networks (10-11); and maintain an information security policy (12). In summary:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and keep anti-virus software up to date
6. Develop and maintain secure systems and applications, including timely patching
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components, with a unique ID for every user
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel
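Requirement 3 is the one that lands most directly in application code, so here is an added example (not from the original page, and not PCI SSC code) of what it asks of a payment record after authorization: sensitive authentication data (CVV/CVC, full track data, PIN blocks) is not retained, the PAN is masked for display (PCI DSS v3.2.1 permits at most the first six and last four digits), and the PAN is rendered unreadable wherever it is stored, here with a keyed one-way hash (HMAC), the form PCI DSS v4.0 requires when hashing is the chosen method. The record layout, field names, function names, and the embedded key are assumptions made for this example; the sample record is constructed and uses a well-known test PAN, not a real card.

```python
"""Added example: minimal cardholder-data handling per PCI DSS Requirement 3.
Record layout, names and key handling are illustrative, not PCI DSS mandates."""
import hashlib
import hmac
import re

# Assumption for the example: a fixed key. In a real CDE the key comes from an
# HSM or a key-management service, never from source code (Requirement 3 also
# covers key management).
HMAC_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

# Fields PCI DSS classes as sensitive authentication data (SAD); they must not
# be retained after authorization. Field names are this example's assumption.
SAD_FIELDS = ("cvv", "cvc", "cvv2", "track1", "track2", "pin", "pin_block")

PAN_RE = re.compile(r"\d{13,19}")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; used only to reject obviously malformed PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_well_formed_pan(pan: str) -> bool:
    """13-19 digits and a valid Luhn checksum."""
    return bool(PAN_RE.fullmatch(pan)) and luhn_ok(pan)


def mask_pan(pan: str) -> str:
    """Display form: first six and last four visible, the rest replaced by X.
    That is the maximum PCI DSS v3.2.1 allows to be shown without a documented
    business need."""
    if not is_well_formed_pan(pan):
        raise ValueError("not a well-formed PAN")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the whole PAN. Usable as a lookup
    key (e.g. for refunds or fraud checks) without storing the PAN itself."""
    if not is_well_formed_pan(pan):
        raise ValueError("not a well-formed PAN")
    return hmac.new(HMAC_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()


def record_for_storage(authorized: dict) -> dict:
    """Reduce a post-authorization record to what may be persisted:
    SAD dropped, PAN replaced by its mask and keyed hash, other fields kept."""
    pan = authorized["pan"]
    stored = {k: v for k, v in authorized.items()
              if k not in SAD_FIELDS and k != "pan"}
    stored["pan_masked"] = mask_pan(pan)
    stored["pan_hash"] = pan_token(pan)
    return stored


# Constructed sample record with a standard test PAN (not a real card).
SAMPLE = {
    "pan": "4111111111111111",
    "expiry": "12/29",
    "cvv": "123",
    "track2": "4111111111111111=29121011234",
    "amount": "19.99",
    "auth_code": "A1B2C3",
}

if __name__ == "__main__":
    print(record_for_storage(SAMPLE))
```

Note what the stored record keeps and what it loses: expiry, amount and authorization code survive, the CVV and track data are gone, and the PAN exists only as a mask plus a keyed hash. Anything that needs the full PAN later (a recurring charge, say) has to go through a tokenization service or an encrypted store with proper key management, which is exactly the part of Requirement 3 that shrinks when a third-party payment provider holds the card instead of the merchant.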