The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It is a global standard, and compliance is required for all businesses that handle cardholder data.
To comply with PCI DSS, businesses must:
- Build and maintain a secure network and systems. This includes installing and maintaining a firewall and using unique, high-security passwords.
- Protect cardholder data. This involves encrypting data transmission across open, public networks and safeguarding stored data.
- Implement strong access control measures. Businesses should restrict access to cardholder data on a need-to-know basis, assign a unique ID to each person with computer access, and restrict physical access to cardholder data.
- Regularly monitor and test networks. This means tracking and monitoring all access to network resources and cardholder data, as well as regularly testing security systems and processes.
- Maintain an information security policy. The policy should be disseminated to all relevant personnel and reviewed and updated at least annually.