
PCI DSS Standards

Companies processing more than 20,000 transactions annually are required to scan their networks quarterly and conduct annual audits of their PCI DSS compliance. The mandate applies to hundreds of thousands of organizations around the world, and complying with the standard is no simple task.

Card issuers have made it clear that failure to comply with the PCI's detailed technical requirements will result in substantial penalties, including fines. The standard is enforced by merchant banks (on behalf of the networks) and penalties for non-compliance can be as much as $500,000 per incident, not to mention the cost of making headline news as a result of data integrity compromises.

PCI DSS requires companies to meet 12 requirements, grouped under the following topics:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks
* Paymetric provides solutions to help organizations protect stored cardholder data (Step 3).

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

For more detailed information on PCI, please visit:
www.pcisecuritystandards.org
