What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) applies to any organization that stores, processes, or transmits cardholder data, not only those that take card payments directly.
Any company that plans to accept credit card payments must make sure the systems that store, process, or transmit cardholder data are protected to the standard. Hosting with a PCI-compliant provider narrows what the company has to secure itself, but it does not remove the company's own responsibility for the parts of the card-data environment it still controls (its applications, its staff access, and the data it keeps).
Protecting stored credit card data
If a company stores cardholder information, it should protect that data with several layers of defense rather than a single control. The protection model should combine physical security with logical (virtual) security measures such as access control and encryption software.
Common logical measures include strong authentication (passwords combined with a second factor), authorization that grants each user or service only the access its job requires, and logging of who touched the data. Physical examples include locked network cabinets and server rooms with restricted, recorded access.
Encrypted transmission of cardholder data
According to PCI, “Encrypted data is unusable and unreadable to a system intruder without the proper cryptographic keys.” To meet the standard, a system handling cardholder data should encrypt stored card numbers with keys kept separate from the encrypted data, and where possible replace the card number with a token so that downstream systems never hold the real number at all. The goal is that a breach of the data store alone does not expose customer information.
Assuming an intrusion won’t happen is naïve; to be compliant, measures should be in place so that any data an intruder does reach is unusable without the keys or the tokenization service.
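The following is an added example, not code from the original page or from Precisely, showing what the two measures above mean in practice: a small token vault that replaces a card number (PAN) with a random token and keeps only an encrypted copy, with the key supplied from outside the vault. Everything here is constructed for illustration: the sample PAN is a standard test number, the vault is an in-memory dictionary, and the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC built from the standard library only; a production vault would use AES-GCM from a vetted library or an HSM, not this construction. The demo shows that a copy of the vault's contents does not contain the PAN, that the wrong key is rejected, and that receipts can be produced from the masked form without any key.

```python
import hashlib
import hmac
import secrets

# Constructed sample PAN: a well-known test number, not a real card.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Luhn check, used to validate a PAN before it enters the vault."""
    checksum = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        checksum += d
    return checksum % 10 == 0


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (illustrative only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_pan(key: bytes, pan: str) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(16)
    pt = pan.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_pan(key: bytes, blob: bytes) -> str:
    """Verify the tag before decrypting; a wrong key or tampered record fails."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return pt.decode()


class TokenVault:
    """Maps opaque tokens to encrypted PANs. The vault never holds the key;
    the caller (a separate key-management service in practice) supplies it."""

    def __init__(self):
        self._records = {}

    def tokenize(self, key: bytes, pan: str) -> str:
        if not (pan.isdigit() and 12 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid PAN")
        token = secrets.token_hex(16)      # random, unrelated to the PAN
        self._records[token] = {"ciphertext": encrypt_pan(key, pan), "last4": pan[-4:]}
        return token

    def masked(self, token: str) -> str:
        """Display form for receipts and UI: no key needed, nothing sensitive shown."""
        return "****" + self._records[token]["last4"]

    def detokenize(self, key: bytes, token: str) -> str:
        return decrypt_pan(key, self._records[token]["ciphertext"])

    def dump(self) -> bytes:
        """What an intruder who copies the datastore would obtain."""
        return b"".join(r["ciphertext"] for r in self._records.values())


def demo() -> dict:
    key = secrets.token_bytes(32)        # held by the key-management service
    wrong_key = secrets.token_bytes(32)  # what an intruder without the key has
    vault = TokenVault()
    token = vault.tokenize(key, SAMPLE_PAN)
    try:
        vault.detokenize(wrong_key, token)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    return {
        "token_is_not_pan": token != SAMPLE_PAN,
        "pan_in_dump": SAMPLE_PAN.encode() in vault.dump(),
        "masked": vault.masked(token),
        "recovered": vault.detokenize(key, token),
        "wrong_key_rejected": wrong_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the separation: the datastore holds tokens and ciphertext, the key lives elsewhere, and most of the application only ever needs the token and the masked last four digits. Only the component that actually has to charge the card calls `detokenize`, which keeps the number of systems in PCI scope small.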
Other measures that should be put into practice to remain compliant with PCI DSS include:
- regular risk assessment and vulnerability scanning to find weak points in the system, with findings fixed rather than just recorded
- keeping anti-virus and anti-malware software current and applying security patches promptly
- tracking and monitoring all access to network resources and cardholder data, with logs retained and reviewed
How Precisely can help
Precisely goes above and beyond the security standards that PCI DSS has put forth. When it comes to protecting cardholder data, Precisely knows that you can’t be too safe.