coocoor - PCI DSS High Level Requirements

PCI DSS High Level Requirements

@Rob on Nov. 5, 2018

pci

The goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect cardholder's data. PCI DSS requirements apply to organizations where Cardholder's data and/or Sensitive Authentication data is stored, processed or transmitted.

Cardholder Data includes:

  • Primary Account Number (PAN)
  • Cardholder Name
  • Expiration Date
  • Service Code

Sensitive Authentication Data includes:

  • PINs
  • Magnetic-stripe data or Chip data on Credit/Debit Card
  • CAV2/CVC2/CVV2/CID

For the organizations that have outsourced their payment processing operations or management of their Cardholder Data Environment (CDE), they are responsible for ensuring that the account data is protected by third party.

Below are some high-level PCI DSS requirements:

  1. Organization needs build and maintain a secure network systems. This includes installing and maintaining a firewall configuration to protect cardholder data.
  2. Vendor-supplied default credentials should not be used for system password and other security parameters.
  3. Protect stored Cardholder Data.
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect Systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

PCI DSS comprises a minimum set of requirements for protecting account data, and may be enhanced by additional controls and practices to further mitigate risks, as well as local, regional and sector laws and regulations. PCI DSS does not supersede local or regional laws, government regulations, or other legal requirements.

← back to the blog