PCI DSS ASSESSMENT

WHAT IS A PCI AUDIT?

PCI DSS, the Payment Card Industry Data Security Standard, consists of nearly 400 individual controls and is a critical part of staying in business for any merchant, service provider, or subservice provider who is involved in handling cardholder data. In fact, if you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS.

HOW CAN PCI COMPLIANCE BENEFIT YOUR ORGANIZATION?

If you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, then PCI compliance is critical to the operability of your organization. A non-compliant organization could be subject to substantial fines and penalties, termination of ability to accept cards as payment, loss of business, lost confidence of customers, and legal costs. On the other hand, PCI compliance demonstrates your commitment to security and assures your clients that their cardholder data is protected.

The current version of the standard, PCI DSS v3.2.1, has nearly 400 controls categorized under six control objectives and 12 major subject areas. Compliance with the standard means compliance with the following requirements:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel