Maintaining Payment Security
Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data.
The PCI Data Security Standards help protect that data. They set the operational and technical requirements for organizations that accept or process payment transactions, and for the software developers and manufacturers of the applications and devices used in those transactions.
Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.
PCI Security Standards
PCI Data Security
| Goals | PCI DSS Requirements |
|---|---|
| Build and Maintain a Secure Network and Systems | 1. Install and Maintain Network Security Controls |
| Protect Account Data | 3. Protect Stored Account Data |
| Maintain a Vulnerability Management Program | 5. Protect All Systems and Networks from Malicious Software |
| Implement Strong Access Control Measures | 7. Restrict Access to System Components and Cardholder Data by Business Need to Know |
| Regularly Monitor and Test Networks | 10. Log and Monitor All Access to System Components and Cardholder Data |
| Maintain an Information Security Policy | 12. Support Information Security with Organizational Policies and Programs |
PTS Requirements
The PCI PIN Transaction Security Requirements (called PCI PTS) focus on the characteristics and management of devices used to protect cardholder PINs and in other payment-processing activities. Manufacturers must follow these requirements in the design and manufacture of a device and in its transport to the entity that deploys it.
Financial institutions, processors, merchants and service providers should only use devices or components that are tested and approved by the PCI Council.
Validated Payment Software
Point-to-Point Encryption
This PCI standard is a comprehensive set of security requirements for point-to-point encryption solution providers, and it lets those providers validate their solutions. Using an approved point-to-point encryption solution helps merchants reduce the value of stolen cardholder data, because the data is unreadable to an unauthorized party. Solutions based on this standard may also reduce the scope of a merchant's cardholder data environment and so make compliance easier.
Point-to-Point Encryption is a cross-functional program that results in validated solutions incorporating many of our various security standards.
Quick Steps to Security
A model framework for security, the PCI Data Security Standard integrates best practices forged from the years of experience of security experts around the world.
The standard works for some of the world’s largest corporations. And it can work for you.
- Buy and use only approved PIN entry devices at your points-of-sale.
- Buy and use only validated payment software at your POS or website shopping cart.
- Do not store any sensitive cardholder data in computers or on paper.
- Use a firewall on your network and PCs.
- Make sure your wireless router is password-protected and uses encryption.
- Use strong passwords. Be sure to change default passwords on hardware and software – most are unsafe.
- Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.
- Teach your employees about security and protecting cardholder data.
- Follow the PCI Data Security Standard.