12 Requirements of PCI Data Security Standards

Cardholder data theft has become an issue all merchants must face. As a result of several high-profile incidents over the past few years (e.g., CardSystems and TJX), the Card Associations (Visa, MasterCard, American Express, Discover) were forced to devise data security standards for merchants that process transactions through their networks. The PCI Data Security Standards (PCI DSS for short) were promulgated in September 2006 and represent a combined effort of all the major card brands, such as Visa, MasterCard, and American Express, to provide uniform data security standards and requirements. PCI DSS affects any merchant that stores, processes, or transmits cardholder data. That means ALL merchants are affected.

So how do you comply? The first step is to develop written policies, procedures, and protocols that address the 12 core requirements of PCI DSS, and then validate your compliance based on the merchant category you fall into.

The 12 core requirements of PCI DSS are:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Some of these requirements will be met on your behalf by your web hosting company, and others by your shopping cart vendor.
