PCI DSS Consultancy

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and to facilitate the broad adoption of consistent data security measures globally.

The standard was created in 2004 by Visa, Mastercard, American Express, Discover and JCB, the five major payment card brands of the world.

PCI DSS provides a baseline of technical and operational requirements designed to protect account data. It applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers and service providers, and to any other entity that stores, processes or transmits cardholder data or Sensitive Authentication Data (SAD).

The standard contains 12 requirements grouped under 6 control objectives. These are:

Objective: Build and maintain a secure network and systems

1.      Install and maintain a firewall configuration to protect cardholder data.

2.      Do not use vendor-supplied defaults for system passwords and other security parameters.

Objective: Protect cardholder data

3.      Protect stored cardholder data.

4.      Encrypt transmission of cardholder data across open, public networks.

Objective: Maintain a vulnerability management program

5.      Protect all systems against malware and regularly update anti-virus software or programs.

6.      Develop and maintain secure systems and applications.

Objective: Implement strong access control measures

7.      Restrict access to cardholder data by business need to know.

8.      Identify and authenticate access to system components.

9.      Restrict physical access to cardholder data.

Objective: Regularly monitor and test networks

10.   Track and monitor all access to network resources and cardholder data.

11.   Regularly test security systems and processes.

Objective: Maintain an information security policy

12.   Maintain a policy that addresses information security for all personnel.

1. Benefits of PCI DSS compliance

  • Builds trust with customers
  • Helps prevent data breaches
  • Helps meet global standards
  • Puts more focus on security
  • Helps avoid legal liabilities
  • Improves brand value
  • Makes it easier to comply with additional regulations

2. Why is PCI DSS compliance necessary for organizations?

Implementation of PCI DSS is mandatory for every organization that stores or processes cardholder payment information, whether directly or indirectly.