What is PCI DSS and What are 12 Requirements for it?

Have you ever wondered why we have compliance standards for almost everything in this world? There are standards for food, for electronics, for IT firms, and I would guess there is one for clothes too.
So today we are going to talk about a standard that matters to anyone who handles card payments: PCI DSS.
 

Now, what does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security requirements that protects cardholder data against breaches, whether the threat comes from inside the organization or from external attackers. With security threats growing, adherence to PCI DSS is crucial for any merchant or service provider that handles credit or debit card payments; the reputational and financial impact of a card data breach can be disastrous for the organization.

Today almost everything can be bought on the internet, and most people pay with a debit or credit card, so card data is an obvious and constant target.
 
PCI DSS divides account data into two distinct categories:
  • Cardholder data: the Primary Account Number (PAN), cardholder name, expiration date and service code. The PAN is the element that makes the others cardholder data; it may be stored, but only in protected form (rendered unreadable by strong cryptography, truncation, tokenization or hashing) and it must be masked when displayed.
  • Sensitive authentication data (SAD): full track data (from the magnetic stripe or the equivalent data on a chip), the card verification codes (CAV2 / CVC2 / CVV2 / CID) and PINs or PIN blocks. SAD must never be stored after authorization, not even in encrypted form.

Why is PCI DSS important?

If a merchant is compromised in a way that lets an attacker reach payment card data, the merchant's acquiring bank can hold the merchant financially liable for the resulting fraud losses and other costs. If an account data compromise (ADC) event is suspected, the merchant may be required to have a forensic examination performed by a PCI Forensic Investigator (PFI), which can be costly. Attackers who get that far often compromise non-payment data as well, such as financial and human resources records and trade secrets or intellectual property, which can seriously damage ongoing operations.
 

12 Requirements of PCI DSS 

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Protect all systems against malware and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need to know.
  8. Identify and authenticate access to system components: assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security for all personnel.
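The account data categories above and requirement 3 (protect stored cardholder data) come together in one very common finding: PANs and card verification codes leaking into application logs. The following is an added example, not code from the original article or from the PCI Security Standards Council. It scans constructed sample log lines for candidate PANs, confirms them with the Luhn (mod 10) check so that order numbers and timestamps are not mistaken for cards, masks confirmed PANs to the first six and last four digits (the display form requirement 3 allows), strips sensitive authentication data fields entirely, and shows a keyed one-way hash (HMAC-SHA256) as a PAN substitute. The field names (pan=, cvv2=), the log lines and the HMAC key are assumptions made for the demo; the card numbers are well-known test numbers, not real cards.

```python
"""Find and neutralise account data that has leaked into application logs.

Added example. The log lines, field names and HMAC key below are constructed
for the demo and are not taken from PCI DSS or from any real system.
"""
import hashlib
import hmac
import re
from typing import Optional

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Sensitive authentication data fields that must never be stored after authorization.
SAD_RE = re.compile(r"\b(cvv2?|cvc2?|cav2|cid|pin)\s*[=:]\s*\d{3,6}\b", re.IGNORECASE)

# Constructed sample log. 4111... and 5500... are public test numbers; the last
# line carries a digit string that fails Luhn so the scanner must leave it alone.
SAMPLE_LOG = """\
2024-03-01T10:15:02Z INFO checkout order=10021 amount=49.99 pan=4111 1111 1111 1111 cvv2=123
2024-03-01T10:15:03Z INFO checkout order=10022 amount=12.00 token=a1b2c3 status=ok
2024-03-01T10:15:04Z DEBUG auth request_id=20240301101504 pan=5500000000000004
2024-03-01T10:15:05Z WARN retry order=10023 pan=4111111111111112
"""


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: every real PAN passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _candidate_pan(match: "re.Match") -> Optional[str]:
    """Normalise a regex hit and return it only if it looks like a genuine PAN."""
    digits = re.sub(r"[ -]", "", match.group())
    return digits if 13 <= len(digits) <= 19 and luhn_valid(digits) else None


def mask_pan(pan: str) -> str:
    """Display form permitted by requirement 3: at most first six and last four visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the full PAN, usable as a lookup token.

    The key must live in a key-management system, never next to the hashes;
    an unkeyed hash of a 16-digit PAN is cheap to brute-force.
    """
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def scan_log(text: str) -> list:
    """Return (line number, kind, value) for every PAN or SAD value found.

    PANs are reported already masked so the scanner's own output does not leak them.
    """
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in PAN_RE.finditer(line):
            pan = _candidate_pan(m)
            if pan:
                findings.append((n, "PAN", mask_pan(pan)))
        for m in SAD_RE.finditer(line):
            findings.append((n, "SAD", m.group(1).lower()))
    return findings


def redact_log(text: str) -> str:
    """Mask PANs and strip SAD so the log can be retained without storing account data."""

    def mask(m: "re.Match") -> str:
        pan = _candidate_pan(m)
        return mask_pan(pan) if pan else m.group()

    def strip_sad(m: "re.Match") -> str:
        return f"{m.group(1)}=[REMOVED]"

    return "\n".join(
        SAD_RE.sub(strip_sad, PAN_RE.sub(mask, line)) for line in text.splitlines()
    )


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(redact_log(SAMPLE_LOG))
```

Run against the sample, the scanner reports the Visa test PAN and the cvv2 field on line 1 and the Mastercard test PAN on line 3, while the 14-digit request id and the Luhn-invalid number on line 4 are left untouched. In production the same logic belongs in the logging pipeline (a filter on the log handler or the log shipper) rather than in a clean-up job, because requirement 3 is about never writing the data in the first place, and the Luhn check only reduces false positives; it does not prove a string is a card number.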

Useful info

The first version of PCI DSS was released in December 2004 by the major card brands, among them JCB, Visa and MasterCard, to replace each brand's separate security program with one set of rules for card businesses large and small. The brands subsequently formed the PCI Security Standards Council (PCI SSC), which now maintains the standard, and compliance became mandatory for every company that stores, processes or transmits cardholder data, whether the card is presented in person, online, or by mail or telephone order.
In the end, make sure that you play your part wisely in keeping your card information safe. You already know what I am talking about.
 
Authored By - Prateek Babbar
TCS Cyber Security Practice