What is PCI DSS, you ask? It stands for Payment Card Industry (PCI) Data Security Standard (DSS). It is an in-depth security standard that establishes common methods and safe practices for handling, processing, storing and transmitting credit card information. It was originally created by Visa and MasterCard. In 2006, American Express, Discover, and JCB joined MasterCard and Visa to form the PCI Security Standards Council (SSC).
PCI compliance is mandated by the payment card brands. It applies to all businesses that accept payment, or accept payment on behalf of someone else, via credit or debit card. Failure to comply in a timely manner may incur fines or, worse, a canceled merchant account.
Steps to Get Started
1. Determine your merchant or service provider level (1-4).
2. Determine which SAQ is appropriate for your business, or whether you need an onsite audit, which results in a Report on Compliance (ROC). The Self-Assessment Questionnaire (SAQ) is an internal initiative to achieve PCI compliance, while the ROC is assessed and issued by a Qualified Security Assessor (QSA).
3. Perform quarterly vulnerability scans of public-facing IPs using an Approved Scanning Vendor (ASV). Any vulnerability that causes the scan to fail must be remediated, and the scan then repeated.
4. Information Security Policies must be in place and enforced.
5. The self-assessment report, quarterly scan results, and the Attestation of Compliance must be retained, and you must be prepared to provide them to your bank upon request.
We have compiled a list of the top 10 challenges and questions associated with PCI compliance. Please read this article, as it will help you understand what is currently in place and what still needs to be put in place. We also cover the first objective of the PCI requirements, which deals with building and maintaining a secure network.
This concludes the first part of the PCI compliance guide. We hope you find this article helpful and interesting. Don’t forget to leave a comment below.