InterCert-Logo

PCI-DSS Payment Card Industry Data Security Standard

  • Home
  • PCI-DSS Payment Card Industry Data Security Standard

Management System Certifications

PCI-DSS - Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard for securely processing, storing, or transmitting payment card account data. PCI-DSS is established by leading payment card brands and maintained by the PCI Security Standard Council (PCI SSC).

The PCI-DSS have following compliance levels:
  • Level 1: Merchants or Service Providers  processing over 6 million card transactions annually.
  • Level 2: Merchants or Service Providers  processing 1 to 6 million transactions annually.
  • Level 3: Merchants or Service Providers  processing 20,000 to 1 million transactions annually.
  • Level 4: Merchants or Service Providers  processing fewer than 20,000 transactions annually.
PCI-DSS Requirements
CONTROL OBJECTIVES REQUIREMENTS
Build And Maintain A Secure Network
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
Maintain A Vulnerability Management Program
  • Use and regularly update anti-virus software on all systems commonly affected by malware
  • Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
Regularly Monitor And Test Network
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain An Information Security Policy
  • Maintain a policy that addresses information security

PIC 

PCI Council Guidance on BAU
Monitoring of security controls
  • Firewalls
  • IDS/IPS
  • File Integrity Monitoring (FIM)
  • Anti-Virus
Periodic Review
  • Configuration
  • Physical security
  • Patches and Anti-Virus
  • Audit logs
  • Access rights
Review changes to environment
  • Addition of new systems
  • Changes or organizational structure
  • Impact of change to PCI DSS scope
  • Requirement applicable to new scope
  • Implement any additional security controls because of change
  • New hardware and software (and older ones) continue to be supported and do not impact compliance
Ensuring failures in security controls are detected and responded
  • Restoring the security control
  • Identifying the root cause
  • Identifying any security issues because of the failure
  • Mitigation
  • Resume monitoring of security control
  • Segregation of duties between detective and preventive controls

 

PCI DSS Roadmap

pci-dss-roadmap

Visit following sections for more information’s on next step for getting certified from INTERCERT

Harbour Engineering Company
Bhutan National Bank
Larsen & Toubro
Grab
Mobi
Hindustan Aeronautics Limited
Medisafe Technologies
Allanasons Private Limited
Naval Dockyard
Subaru
Arizona State University