Risk Associates | Secure your business Home Contact us Sitemap
our services
administrator area
 
 username
 
 password
 
 
contact information

PCI DSS

What is PCI DSS

PCI DSS is a security standard that includes requirements for security management, policies, procedures, network security, software security, etc…
Developed, and mandated, by
Mastercard Worldwide, Visa International, American Express, Discover Financial Services, and JCB.
Further,
any merchant, acquirer and issuer bank, and service provider that processes, stores or transmits credit or debit card data, and any connected party to them needs to comply with PCI

Does PCI DSS apply to you

If you answered ‘yes’ to any of the following questions PCI DSS applies to you:
  • Do you process credit card transactions?
  • Do you store credit card information? (paper or electronically)
  • Do you take online credit card payments?
  • Do you handle credit card information on paper, online, over the phone or via mail?

Why comply with PCI DSS

  • To manage your risk;
  • To protect your customer data;
  • To stay competitive in the market;
  • To avoid punitive measures;
  • Potentially significant fines – incrementally increases;&
  • To stay in business.

Requirements

The current version of the standard (1.1) specifies 12 requirements for compliance, organized into 6 logically related groups, which are called "control objectives." The control objectives and their requirements are:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

 

© 2004 - 2008 Risk Associates Pty Ltd
Designed and maintained by 110 Solutions