Have you ever gotten a call from a vendor, where you're actually a cus...
PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) v2.0
Overview
The PCI DSS was created by the Security Standards Council (SSC) to provide a set of standards designed to protect cardholder information. The PCI DSS is enforced by VISA, MasterCard, American Express, Discover, and JC Brands.
The PCI DSS v2.0 contains twelve major requirements that are broken down into over 275 sub-requirements:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Annual validation of these requirements varies depending on credit card transaction volume, however, any organization that processes, stores, or transmits credit card information is expected to adhere to the PCI DSS in its entirety.
References
Industry
Any organization that processes, stores, or transmits credit card information
- Retail
- eCommerce
- Restaurants
- …and more
Thanks for the most informative and thorough assessment we have had!
Connect With Us
Keep up to date with changes in the world of Information Security and Computer Forensics.
