Payment Card Industry (PCI) standards and compliance

There are many regulating bodies in the financial payment industry. The PCI SSC (Payment Card Industry Security Standards Council) is the organization that sets the standards for data security in many payment situations. PCI compliance is one of many standards and is one of the most. The keystone of the PCI SSC is the PCI DSS (Payment Card Industry Data Security Standard), the standard that many merchants and service providers follow for data security. PCI DSS defines 12 core requirements for security covering areas such as security management, policies, procedures, network architecture, and software design (Krutz and Nahari, 2011). The requirements are organized into 6 areas (PCI SSC, pcisecuritystandards.org):

  • Build and maintain a secure network: Install a firewall and change vendor-supplied default passwords.
  • Protect cardholder data: Encrypt card data across networks and protect stored data.
  • Maintain a vulnerability management program: Use antivirus and develop and maintain secure applications.
  • Implement strong access control measures: Restrict physical and digital access to card data and assign a unique ID to each person with access.
  • Regularly monitor and test networks: Monitor and test networks regularly.
  • Maintain an Information Security Policy: Maintain a policy that addresses information security.

Sources:

Krutz, R. and Nahari, H. (2011). Web Commerce Security Design and Development. Wiley Publishing, Inc., Indianapolis, IN.

PCI SSC. PCI DSS v2.0. https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf