PCI DSS (Payment Card Industry Data Security Standard) is a security standard made up of the requirements needed to protect sensitive credit and debit card data. Every company that accepts, processes, stores or transmits credit or debit card data is required to comply with it and maintain a secure environment.

PCI SSC (Payment Card Industry Security Standards Council) was launched in 2006 to manage and improve the security of payment card data. The five major payment card brands (Visa, MasterCard, American Express, Discover and JCB) founded the council as an independent body.

Who does it apply to?

The PCI DSS applies to ANY organization, regardless of size or transaction volume, that accepts, processes, stores or transmits cardholder data.

What does it consist of?

PCI SSC defines 12 requirements that companies must meet to maintain a secure environment. These are the requirements:

1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security for all personnel.

How long does it take to implement PCI DSS in an organization?

It depends on the size of the organization, the sector in which it operates, the number of employees and the state of the policies already in place. Some organizations can roll out PCI DSS in a few weeks; others need months or years. If you are interested in implementing the PCI DSS standard in your organization, contact us to schedule a gap analysis audit and get a better estimate of the lead time and the costs.
