The PCI Security Standards Council recently released a revised version of PCI DSS (v3.0). However, many business owners are still in the dark about what PCI DSS is and how it works. Here is a quick refresher covering the basics of the standard.
PCI DSS—The Basics
What does PCI DSS stand for?
PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security requirements for any organization that stores, processes, or transmits cardholder data, so it covers POS terminals, ATMs, e-commerce sites, and every other path a credit/debit card transaction takes, not just the moment of payment.
What year was PCI DSS first implemented?
PCI DSS v1.0 was released on December 15, 2004, as a joint effort of the major card brands. The Payment Card Industry Security Standards Council (PCI SSC) was formed in September 2006 to maintain and evolve the standard, and has published every version since.
What can happen if I’m not PCI DSS compliant?
Commonly cited penalties for non-compliance, levied by the card brands through your acquiring bank, range from $5,000 to $100,000 per month. Even at the low end of that range, the fine amounts to $60,000 per year, and the acquiring bank can also terminate your ability to accept cards at all. Who can afford that?
PCI DSS—Requirements and Security Assessment Procedures
PCI DSS v3.0 groups its 12 requirements under six control objectives that protect both your company and its customers. Here’s a quick breakdown.
• Build and Maintain a Secure Network and Systems
Requirements 1 and 2: install and maintain a firewall configuration that protects cardholder data, and never use vendor-supplied defaults for system passwords or other security parameters.
• Protect Cardholder Data
Requirements 3 and 4: protect stored cardholder data (store only what you need, never store sensitive authentication data such as full track data or the card verification code after authorization, and render the PAN unreadable wherever it is stored), and encrypt cardholder data whenever it is transmitted across open, public networks.
• Maintain Vulnerability Management Program
Requirements 5 and 6: protect all systems against malware with anti-virus software that is properly maintained and updated regularly, and develop and maintain secure systems and applications, including timely patching of known vulnerabilities.
• Implement Strong Access Control Measures
Requirements 7, 8 and 9: restrict access to cardholder data to personnel with a business need to know, identify and authenticate every user who accesses system components, and restrict physical access to cardholder data.
• Regularly Monitor and Test Networks
Requirements 10 and 11: track and monitor all access to network resources and cardholder data, and test security systems and processes at regular intervals to ensure they are actually working.
• Maintain an Information Security Policy
Requirement 12: maintain an information security policy that addresses security responsibilities for all personnel.
Call an EzFIM Compliance Expert Today
Did you know that PCI DSS v3.0 Requirement 11.5 says your company must deploy a change-detection mechanism, such as file integrity monitoring (FIM), to alert personnel to unauthorized modification of critical system files, configuration files, or content files, and that the comparison must run at least weekly? Without it you are not compliant.
EzFIM, which recently partnered with NetBoundary, offers a cutting-edge FIM that is just as effective as any on the market but is available at a fraction of the cost. Call an EzFIM Compliance Expert today at 855-393-4666 to find out more about how EzFIM can protect your clients’ sensitive data while getting you up to par on PCI DSS v3.0 compliance.