LOGIN
Back to Glossary

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies handling credit card transactions maintain a secure environment to protect cardholder data from breaches and fraud.

Key Aspects of PCI DSS

Purpose:

  • Protect credit and debit card transactions from fraud, hacking and data theft.
  • Ensure businesses securely process, store and transmit cardholder information.

Who Must Comply?

  • Any business that processes, stores, or transmits payment card data (e.g., retailers, e-commerce stores, service providers).
  • Applies to companies of all sizes handling card transactions.

Core Security Requirements (12 PCI DSS Requirements):

PCI DSS consists of 12 security requirements grouped into six control objectives:

A. Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and security settings.

B. Protect Cardholder Data

  1. Protect stored cardholder data.
  2. Encrypt transmission of cardholder data across open, public networks.

C. Maintain a Vulnerability Management Program

  1. Use and regularly update antivirus software or programs.
  2. Develop and maintain secure systems and applications.

D. Implement Strong Access Control Measures

  1. Restrict access to cardholder data to only those who need it.
  2. Identify and authenticate access to system components.
  3. Restrict physical access to cardholder data.

E. Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data.
  2. Regularly test security systems and processes.

F. Maintain an Information Security Policy

  1. Maintain a policy that addresses information security for all personnel.

PCI DSS Compliance Levels:

PCI DSS has four compliance levels based on the number of card transactions a business processes annually:

Benefits of PCI DSS Compliance:

  • Reduces the risk of data breaches and financial fraud.
  • Enhances customer trust by ensuring secure transactions.
  • Helps businesses avoid penalties and legal consequences.
  • Ensures compliance with global payment security standards.

Consequences of Non-Compliance:

  • Fines & Penalties: Payment brands (Visa, MasterCard, etc.) may impose hefty fines.
  • Data Breaches: Higher risk of hacking, leading to financial and reputational loss.
  • Legal Liability: Possible lawsuits or regulatory actions for failing to protect consumer data.