Ensure PCI Compliance with Automated PCI Compliance Management Solution

The days of paying mainly in cash are over; plastic cards have largely replaced paper money. People now carry several kinds of cards in their wallets, namely debit cards, credit cards, prepaid cards, e-purse cards, ATM cards and POS cards, and they use them for almost every kind of monetary transaction, over the Internet, over the phone and in person. Cards have made payment convenient, but they have also made it less secure: card data now passes through, and is stored by, far more systems than cash ever did, and each of those systems is a place where it can be stolen.


The complaints received by the Federal Trade Commission (FTC) in 2011 illustrate the scale of the problem. Of the roughly 1.8 million complaints received that year, 15% concerned identity theft, a category that includes the misuse of card data exposed in breaches. Figures like these are why every participant in the payment card industry, from financial institutions and card brands to merchants and their service providers, is expected to comply with the PCI DSS requirements.


The Payment Card Industry Data Security Standard (PCI DSS) was established to protect cardholder data and to reduce card fraud and identity theft. Under the standard, every entity that accepts, processes, stores or transmits cardholder data is required to be PCI compliant. It grew out of five separate security programs run by the major card brands: Visa (Cardholder Information Security Program, CISP), American Express (Data Security Operating Policy, DSOP), MasterCard (Site Data Protection, SDP), JCB (JCB Data Security Program) and Discover (Discover Information Security and Compliance, DISC). The brands aligned these separate policies and procedures into a single standard, PCI DSS version 1.0, released in December 2004, and in 2006 they formed the PCI Security Standards Council (PCI SSC) to maintain and publish it.


For a company or organization to be PCI compliant, it must meet the 12 security requirements specified in the PCI DSS. In summary, the 12 requirements are:


1. Install and effectively maintain a firewall configuration that protects cardholder data.

2. Never use vendor-supplied defaults for system passwords and other security parameters; change them before a system is put into service.

3. Protect stored cardholder data, and store only the data that is genuinely needed.

4. Encrypt cardholder data whenever it is transmitted across open, public networks.

5. Run antivirus software on all systems commonly affected by malware, and keep it up to date.

6. Develop and maintain secure systems and applications, including timely patching of known vulnerabilities.

7. Restrict access to cardholder data to those persons whose job genuinely requires it (need to know).

8. Assign a unique ID to each person with computer access, so that every action on systems holding cardholder data can be traced to an individual.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data, and retain the resulting audit logs.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security for all personnel, and adhere to it.

PCI DSS is an industry standard rather than a law, and the PCI SSC revises it periodically. Companies can keep their compliance effort current by investing in an automated PCI compliance management solution that is updated with each new version and revision of the standard, so that controls and evidence stay mapped to the requirements actually in force.

