PCI Data Security
Protecting Cardholder Data is Good for Business – and It’s Required
Providing customers with secure payment options not only provides more incentives to buy – but is also the merchant’s responsibility. In fact, failure to protect cardholder data could cost your company thousands of dollars in fines, in addition to loss of business.
Rest assured, as a Premium Card Solutions merchant, you have a team of PCI data security experts ready to advise you and keep you informed of data security requirements. This section provides the first steps in understanding the Payment Card Industry Data Security Standards (PCI DSS).
What are the Payment Card Industry Data Security Standards (PCI DSS)?
Visa®, MasterCard® and other payment brands have their own data security programs that require merchants to safeguard credit card processing data. However, these companies have also adopted common industry security requirements, referred to as PCI DSS, to provide merchants with a single path to safeguarding sensitive data.
12 Requirements for PCI-DSS Compliance
The PCI DSS is comprised of 12 requirement categories that are grouped under six general headings. These requirements range from removing sensitive card data from your payment terminals, to implementing data security policies for your employees. Below is a short explanation of each:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and security parameters.
Protect Cardholder Data
Requirement 3: Protect stored data.
Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks.
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
Requirement 7: Restrict access to data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security.
The complete list of standards is available for download from the PCI Security Standards Council. You may also want to review the Prioritized Approach, which provides guidance for non-compliant merchants who are working toward achieving compliance.
What is a Data Compromise?
A data compromise occurs when cardholder data has been lost or stolen, typically (but not limited to) by way of:
- Theft of property which included cardholder data
- Stolen laptop or computer files
- Missing or stolen reports that may contain cardholder data
- Unlawful theft of cardholder data by an employee
Have more questions about Data Compromise? Read our Data Compromise FAQs to learn more.