The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the compliance scheme aims to secure credit and debit card transactions against data theft and fraud.

The 12 requirements of PCI DSS, in simple terms, that every business handling cardholder data must meet:

  1. Install and configure firewalls and other network security controls.
  2. Change default passwords and configurations on all systems.
  3. Protect stored cardholder data.
  4. Encrypt cardholder data while it is transmitted.
  5. Install antivirus software and keep it up to date.
  6. Develop and maintain systems and websites securely.
  7. Restrict access to systems to the least needed for each role.
  8. Give each person their own user account; do not use shared or generic accounts.
  9. Set up and maintain physical security to protect systems and cardholder data.
  10. Keep logs for all systems in the cardholder data environment.
  11. Run ASV scans and penetration tests.
  12. Create and maintain a security policy.

Use this tool to find the PCI DSS certification type your business needs: PCI-DSS