What is the Payment Card Industry Data Security Standard?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules to help protect businesses and shoppers from data theft and fraud.
The rules apply to any company that accepts payment by card and/or processes, stores or transmits payment card data.
When businesses follow these rules we say they are PCI DSS compliant.
Being compliant with PCI DSS is important because:
- It protects customer data
- It helps businesses avoid fines and penalties
- It maintains customer trust
Compliance with PCI DSS is monitored by the PCI Security Standards Council. The standard sets out 12 requirements that all of these businesses must meet:
- Install and maintain a secure network
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel