PCI DSS

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS, the Payment Card Industry Data Security Standard, is a worldwide standard set up to help businesses process card payments securely and reduce card fraud. It does this through tight controls on the storage, transmission and processing of the cardholder data that businesses handle, with the aim of protecting sensitive cardholder data.

Privileged account abuse presents one of today's most critical security challenges. Uncontrolled access to these accounts by insiders, or even contractors, leaves an organisation vulnerable to data leaks and cyber-attacks, ultimately causing irreparable damage to both the business and its reputation.

PCI DSS breakdown


There are 12 high-level requirements, which fall into the six categories below; we have also highlighted whether Osirium can assist with each:

Build and Maintain a Secure Network

Requirement 1. Install and maintain a firewall configuration to protect data.

Requirement 2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Requirement 3. Protect stored data (use encryption).

Requirement 4. Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a Vulnerability Management Program

Requirement 5. Use and regularly update anti-virus software.

Requirement 6. Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

Requirement 7. Restrict access to data by business need-to-know.

Requirement 8. Assign a unique ID to each person with computer access.

Requirement 9. Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

Requirement 10. Track and monitor all access to network resources and cardholder data.

Requirement 11. Regularly test security systems and processes.

Maintain an Information Security Policy

Requirement 12. Maintain a policy that addresses Information Security.

Please contact us directly for a breakdown of how we address each of these PCI DSS requirements.

Industries linked to PCI DSS

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

Financial Institutions

Retail

Manufacturing

Legal

Government and Defence

Healthcare

Telecommunication

What other compliance standards can Osirium address?

ISO27001

MAS TRM

NIST 800-53