Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is the Payment Card Industry Data Security Standard, the worldwide standard set up to help businesses process card payments securely and reduce card fraud. It does this through tight controls over the storage, transmission and processing of the cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.
Privileged account abuse presents one of today’s most critical security challenges. Uncontrolled access by insiders or even contractors to these accounts leaves an organisation vulnerable to data leaks and cyber-attacks – ultimately causing irreparable damage to both the business and its reputation.
A wide range of industries is affected by PCI DSS requirements, including retail, banking and finance, healthcare, government and any other sector that has to deal with card payments.
PCI DSS Overview
Which PCI DSS requirements can Osirium complement?
There are 12 high-level requirements, which fall into the six categories below; we've also highlighted where Osirium can assist with each:
Build and Maintain a Secure Network
Requirement 1. Install and maintain a firewall configuration to protect data.
Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
Requirement 3. Protect stored data (use encryption).
Requirement 4. Encrypt transmission of cardholder data and sensitive information across public networks.
Maintain a Vulnerability Management Program
Requirement 5. Use and regularly update anti-virus software.
Requirement 6. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
Requirement 7. Restrict access to data by business need-to-know.
Requirement 8. Assign a unique ID to each person with computer access.
Requirement 9. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
Requirement 10. Track and monitor all access to network resources and cardholder data.
Requirement 11. Regularly test security systems and processes.
Maintain an Information Security Policy
Requirement 12. Maintain a policy that addresses Information Security.
Please contact us directly for a breakdown of how we address each of these PCI DSS requirements.