The Payment Card Industry Data Security Standard (PCI DSS) requirements are a set of merchant guidelines that help protect cardholder data. According to the PCI Security Standards Council, “The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data.”
PCI DSS Scanning
PCI DSS Requirements
The main goal of PCI DSS is to help financial institutions implement standards for technologies and security policies that protect their payment systems from breaches and data theft. Below is a list of the PCI DSS requirements that pcisecuritystandards.org outlines on its website.
1. Maintain a vulnerability management program — Regularly update anti-virus software and maintain secure systems and applications
2. Build and maintain a secure network — Maintain a firewall configuration and never use vendor defaults for security parameters or passwords
3. Protect cardholder data — Encrypt transmission of data across public networks
4. Monitor and test networks — Track access to network resources and cardholder data and test processes and security systems regularly
5. Implement strong access control measures — Restrict physical access to cardholder data and assign a unique ID to every employee with computer access
6. Maintain an information security policy — Information security doesn’t stop at implementation; maintain a policy that addresses information security for all personnel and remember to reexamine policies often
PCI DSS Compliance
The first step of PCI DSS compliance is to accurately determine the scope of the environment. “The scoping process includes identifying all system components that are located within or connected to the cardholder data environment,” the PCI Security Standards Council website goes on to say.
Scoping should occur at least once a year and should:
- Identify and document all cardholder data to verify that no data exists outside of the defined cardholder data environment (CDE)
- Verify that PCI DSS scope is relevant and appropriate
- Retain documentation showing how PCI DSS scope was confirmed
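The first scoping bullet, identifying cardholder data wherever it sits, is usually carried out with a data-discovery scan over logs, exports and file shares that are believed to be outside the CDE. The following is an added example of such a scan, written for this page and not code from mproactive or the PCI Security Standards Council. It looks for candidate primary account numbers (13 to 19 digits, optionally separated by spaces or hyphens), keeps only those that pass the Luhn check, and reports each hit by source and line number with the number masked to the first six and last four digits so the report itself does not become new cardholder data to protect. The candidate pattern is a heuristic assumption, and the sample log lines are constructed for the demonstration.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Heuristic (assumption, not a PCI SSC definition): 13 to 19 digits, each optionally
# followed by a space or hyphen, and not embedded in a longer digit run.
_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


class Finding(NamedTuple):
    source: str       # label of the file or system that was scanned
    line_no: int      # 1-based line within that source
    masked_pan: str   # first six and last four digits only


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep at most the first six and last four digits, as PCI DSS permits for display."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_text(source: str, text: str) -> list[Finding]:
    """Return one masked Finding per Luhn-valid candidate PAN found in the text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append(Finding(source, line_no, mask_pan(digits)))
    return findings


# Constructed sample: an application log that should contain no cardholder data.
# Lines 1 and 2 use publicly known test card numbers; line 3 is a 16-digit run
# that fails Luhn; lines 4 and 5 contain a phone number and a payment token.
SAMPLE_LOG = """\
2024-01-15 order=A1001 status=ok card=4111 1111 1111 1111
2024-01-15 order=A1002 status=ok card=5555-5555-5555-4444
2024-01-15 order=A1003 status=ok ref=1234567890123456
2024-01-15 support ticket phone=555-123-4567
2024-01-15 order=A1004 status=ok card=tok_9f8e7d6c5b4a
"""


def scan_sample() -> list[Finding]:
    """Run the discovery scan over the constructed sample log."""
    return scan_text("app.log (constructed)", SAMPLE_LOG)


if __name__ == "__main__":
    hits = scan_sample()
    for hit in hits:
        print(f"{hit.source}:{hit.line_no}: possible PAN {hit.masked_pan}")
    if hits:
        print(f"{len(hits)} candidate(s) found outside the CDE; document and remediate.")
```

Only lines 1 and 2 are reported; the Luhn filter drops the arbitrary 16-digit reference on line 3, and the phone number and token never match the candidate pattern. In practice the scan is run over every repository thought to be out of scope, and each finding is either removed or the system is brought into the documented CDE, which is exactly the evidence the third scoping bullet asks you to retain.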
Partner With a Security Expert
mproactive’s suite of solutions helps business owners better manage and protect customer networks, data and servers. Although mproactive is not subject to PCI DSS rules, our security features go beyond the requirements listed in the PCI DSS standards. For example:
- mproactive logs all application activity.
- No system can be accessed without a unique user ID and password.
- We can enable IP whitelisting and two-factor authentication through our Web Protection.
- All transmissions are encrypted.
- mproactive logs accounts out after a period of inactivity.
Ready to try out mproactive for yourself? Sign up for a free, no-obligation trial today!
PCI Security Standards Council: https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf