What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) secures cardholder data that is stored, processed or transmitted by merchants and other organizations. It is the international benchmark that mitigates security risks and protects payment card data from attack. The standard is managed by the PCI Security Standards Council and its founders, the global payment brands: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. The PCI DSS framework is divided into 12 security requirements.
To whom does PCI apply?
ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Put simply, if any customer of that organization pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
Why is it needed?
As of 30 September 2007, all businesses handling cardholder data – irrespective of size – have to be fully compliant with strict security standards drawn up by the world’s major credit card companies.
Businesses face a big challenge in the risk of losing sensitive cardholder data, which could result in huge fines, legal action and a bad reputation. Therefore, complying with PCI DSS ensures protection of customer data against data breaches and mitigates risk.
How to comply with the PCI DSS:
- Build and maintain a secure payment processing network
- Protect cardholder data
- Maintain a Vulnerability Management Programme
- Implement strong access control measures
- Regularly monitor and test the network
- Maintain an Information Security Policy
RESULCO Approach to PCI DSS Compliance
PCI DSS compliance is not a simple project with a one-time start-to-end life cycle. It is an ongoing process of assessment, remediation and reporting. Compliance and maintenance of the certification require the involvement of a multi-disciplinary team drawn from the business and IT technical departments. RESULCO PCI Compliance Services are designed to meet the organisation's requirements and comply with the PCI DSS.
PCI DSS Services Include: PCI DSS Readiness Assessment | PCI DSS Report on Compliance | PCI DSS Consulting | Penetration Testing | Vulnerability Scanning