The Payment Card Industry Security Standards Council (PCI SSC) was created on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards. The organization's primary goal is to improve payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC, an independent organization created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This broad mandate applies to any merchant that has a Merchant ID (MID), including both “Main Street” retail businesses and Internet-based businesses. Penalties for violations of the PCI DSS can be severe. The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The bank can pass this fine downstream until it eventually reaches the merchant. Furthermore, the bank can also either terminate its relationship with the merchant or increase transaction fees.
There are currently 12 specific requirements for PCI compliance, grouped into six major categories called “Control Objectives.”
| Control Objective | PCI DSS Requirements |
| --- | --- |
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data<br>2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data<br>4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware<br>6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know<br>8. Assign a unique ID to each person with computer access<br>9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data<br>11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |
DoubleCheck™ PCI Compliance Solution:
The DoubleCheck GRC & Audit Platform can help maintain the framework and structure necessary to ensure that PCI compliance requirements are tracked, self-assessments are completed in a timely manner, and the appropriate parties are notified of any exceptions according to company policies.
Questions About Our PCI Compliance Solution?
Don’t hesitate. Contact us today at 1-888-299-3980 to discuss how your company will benefit from our PCI Compliance software solution.