PCI Compliance

PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

The PCI DSS offers a single approach to safeguarding sensitive data for all card brands. The PCI DSS consists of twelve basic requirements categorized as follows:

Build and Maintain a Secure Network

• Install and maintain a firewall configuration to protect data
• Do not use vendor-supplied defaults for system passwords and other security parameters



Protect Cardholder Data

• Protect stored data
• Encrypt transmission of cardholder data and sensitive information across public networks



Maintain a Vulnerability Management Program

• Use and regularly update anti-virus software
• Develop and maintain secure systems and applications



Implement Strong Access Control Measures

• Restrict access to data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data



Regularly Monitor and Test Networks

• Track and monitor all access to network resources and cardholder data
• Regularly test security systems and processes



Maintain an Information Security Policy

• Maintain a policy that addresses information security

For more information or resources you can visit:
www.pcisecuritystandards.org
www.visa.com