PCI DSS

 

PCI DSS stands for Payment Card Industry Data Security Standard.

 

This standard was developed by a committee made up of the most important card (debit and credit) companies, called the PCI SSC (Payment Card Industry Security Standards Council). The goal is to prevent fraud involving debit and credit payment cards.

 

PCI DSS sets the standards that organizations must meet to secure the data of credit or debit card holders.

 

Companies that process, store, or transmit card data must meet the standard and must be properly certified.

 

The control objectives and their requirements are as follows:

 

    -. Develop and Maintain a Secure Network

 

        Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

 

        Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

 

    -. Protect Cardholder Data

 

        Requirement 3: Protect stored cardholder data.

 

        Requirement 4: Encrypt cardholder data and confidential information transmitted over open public networks.

 

    -. Maintain a Vulnerability Management Program

 

        Requirement 5: Use and regularly update antivirus software.

 

        Requirement 6: Develop and maintain secure systems and applications.

 

    -. Implement robust access control measures

 

        Requirement 7: Restrict access to data based on the employee's need to know the information.

 

        Requirement 8: Assign a unique ID to each person who has access to a computer.

 

        Requirement 9: Restrict physical access to cardholder data.

 

    -. Monitor and Test Networks Regularly

 

        Requirement 10: Track and monitor all access to network resources and cardholder data.

 

        Requirement 11: Regularly test security systems and processes.

 

    -. Maintain an Information Security Policy

 

        Requirement 12: Maintain a policy that addresses information security.