Aristi PCI DSS
PCI DSS: Are you taking payment security seriously?
What is the PCI DSS?
The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to decrease payment card fraud across the Internet and increase payment card data security. Organisations that accept, store, transmit or process cardholder data must comply with the PCI DSS.
- If you are a merchant, the PCI DSS applies to you. Even if you have subcontracted all PCI DSS activities to a third party, you are still responsible for ensuring all contracted parties comply with the Standard.
- If you are a service provider, including a software developer, the PCI DSS applies to you if you process, transmit or store cardholder data, or your activities affect the security of the cardholder data as it is being processed, transmitted or stored.
The PCI DSS Goals
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Requirement 5: Protect all systems against malware and regularly update antivirus software or programs.
- Requirement 6: Develop and maintain secure systems and applications.
- Requirement 7: Restrict access to cardholder data by business need to know.
- Requirement 8: Identify and authenticate access to system components.
- Requirement 9: Restrict physical access to cardholder data.