Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home Regulatory Compliance Data Security Standards: PCI Compliance

Data Security Standards: PCI Compliance

Payment Card Industry (PCI) Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

Is PCI a law? No. It is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). Enforcement of compliance is done by  organizations processing transactions (i.e. Visa, Mastercard,   American Express etc.).

PCI DSS Requirements (Wikipedia)

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software on all systems commonly affected by malware
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Resources: