close icon
home
Solutions
Compliance and Audit

Complying with PCI DSS

Standards Compliance made easier: How Privileged Access Management (PAM) and Automation can help compliance with Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is the Payment Card Industry Data Security Standard, the worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. The way it does this is through tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

Privileged account abuse presents one of today’s most critical security challenges. Uncontrolled access by insiders or even contractors to these accounts leaves an organisation vulnerable to data leaks and cyber-attacks – ultimately causing irreparable damage to both the business and its reputation.

A wide range of industries are affected by PCI DSS requirements including retail, banking and finance, healthcare, government and any others that have to deal with payments.

PCI DSS Overview

PCI DSS is the Payment Card Industry Data Security Standard, and this is a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. The way it does this is through tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

Which PCI DSS requirements can Osirium compliment?

There are 12 high level requirements, and they fall into the six categories below and we've also highlighted whether Osirium can assist on each:

Build and Maintain a Secure Network

Requirement 1. Install and maintain a firewall configuration to protect data.

Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Requirement 3. Protect stored data (use encryption).

Requirement 4. Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program

Requirement 5. Use and regularly update anti-virus software.

Requirement 6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

Requirement 7. Restrict access to data by business need-to-know.

Requirement 8. Assign a unique ID to each person with computer access.

Requirement 9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

Requirement 10. Track and monitor all access to network resources and cardholder data.

Requirement 11. Regularly test security systems and processes.

Maintain an Information Security Policy

Requirement 12. Maintain a policy that addresses Information Security.

Please contact us directly for a breakdown on how we addressed all these sections in PCI DSS.

Want to know more?

If you have any questions or want to speak to one of our representatives, please complete this form and we'll be in touch.

+44 (0) 118 324 2444
Thank you! Your submission has been received and we'll be in touch
Oops! Something went wrong while submitting the form.