The Payment Card Industry Data Security Standard (PCI DSS) is now a joint effort by the world's leading financial companies: American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.
Its primary focus is to safeguard customer card information and so protect cardholders from fraud and misuse of their cards. This effort produced a standard that many organizations are required to comply with. To achieve compliance, these organizations must implement the PCI DSS standard, which defines 12 requirements (safeguards) to be met:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Compliance with all 12 requirements as laid out by the PCI Security Standards Council is required of all applicable organizations. The requirements apply to all members, merchants, and service providers that store, process, or transmit cardholder data.
One can download the complete standard from the following URL.