Amidst the recent credit card breaches in the news from Target last year to Home Depot last month, it’s more important than ever to make sure your credit card data environment is secure at your business. As you may already know, back in 2004, the Payment Card Industry (PCI) put together a Security Standards Council to create a set of controls, including 12 main requirements, which businesses are to implement in order to properly protect credit card data.
Collectively, these control objectives and requirements are known as PCI DSS, which stands for Payment Card Industry Data Security Standard. All major credit card companies, including VISA, MasterCard, Discover and American Express, have mandated that merchants and service providers who store, process or transmit cardholder data must demonstrate how they follow these 12 main requirements and their sub-requirements. Failure to do so may result in fines or termination of credit card processing privileges.
The main goal of PCI DSS is to reduce the business risk posed by ever-present data breaches and cybercriminals. The hard facts are that one in five small businesses falls victim to cybercrime each year. The US National Cyber Security Alliance found that some 60% of those small businesses go out of business within six months after an attack.
So, how can you get started on protecting your business? A great place to begin is by taking a look at the 12 high-level security requirements below to understand how your business can begin reducing risk. Then make sure to sign on to Wind River Financial’s PCI Partner Program to complete your annual security questionnaire and start protecting your business today!
PCI DSS 12 Main Requirements
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
For a more robust explanation of each requirement, along with all the sub-requirements and standards, check out the PCI DSS Security Standards Council’s official requirements guide here.
As always, if you have any questions accessing your PCI Security Questionnaire or if this is your first time logging onto our PCI Partner Program, please give us a call at 1-800-704-7253, Option #4 to speak directly to one of our Relationship Managers or email us at firstname.lastname@example.org.