What is PCI DSS? How do you become compliant with PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 to secure credit and debit card transactions against data theft and fraud. PCI DSS is a set of compliance requirements that any business handling such transactions must meet.

If payment card data is stored, processed, or transmitted in a cloud environment, PCI DSS applies to that environment, and validation covers both the cloud service provider's (CSP's) infrastructure and the client's use of that environment.

PCI DSS Requirements:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across an open, public network
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel