PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) defines the best practices for storing, transmitting and handling sensitive payment information over the Internet.

To prevent credit card fraud, the standard applies to all organizations that hold, process, or exchange cardholder information from any card carrying the logo of a participating card brand. PCI DSS was created to enforce a baseline level of security for merchants who store, process, or transmit credit card data. The twelve requirements laid out by the PCI Security Standards Council, organized into six categories, are as follows:

Build and Maintain a Secure Network

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Stored Cardholder Data

  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software or programs.
  • Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an Information Security Policy

  • Maintain a policy that addresses information security for employees and contractors.

The cost of PCI DSS compliance depends on your business type, existing IT infrastructure, number of transactions processed annually, and credit/debit card processing and storage practices. Merchants should store a minimal amount of cardholder data: both the amount stored and the retention period should be restricted to only what is required for legal and business purposes. Remote storage of credit card data is one way to achieve PCI compliance, as it addresses a number of PCI DSS requirements at once. PCI DSS compliance can be validated either quarterly or annually.

We offer solutions complying with PCI DSS.
