Understanding PCI DSS

How to meet the latest payment card industry data security standards

If your business transmits, processes or stores payment card data, you must protect this highly sensitive information, meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS), and then maintain that compliance over time. Failure to introduce and maintain appropriate payment security controls can result in significant fines from the card brands or your acquiring bank, and in serious reputational and financial damage.

Putting in place the range of controls needed to achieve compliance with the latest version of PCI DSS can place a strain on your organization's resources. As a leading provider of managed security services, BASHtell can help your organization understand and implement the technical and operational controls needed to fulfill the latest PCI requirements.


What is PCI DSS?

PCI DSS is a minimum set of technical and organizational requirements designed to help businesses protect customers' cardholder data against theft and fraud through robust payment security.

All organizations that accept or process payment card transactions must validate their PCI DSS compliance annually, either through an on-site assessment by a Qualified Security Assessor (QSA) or, for lower-volume merchants, a Self-Assessment Questionnaire (SAQ). The assessment covers areas of data security such as retention, encryption, physical security, authentication and access management. Where internet-facing systems are in scope, quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) are also required.

PCI DSS is published and maintained by the PCI Security Standards Council (PCI SSC), which was founded by American Express, Discover Financial Services, JCB, MasterCard and Visa Inc. The Council itself does not enforce the standard: compliance is enforced by the card brands and by the acquiring banks that contract with merchants.

Organizations found to fall short of the required payment security standards, or that are not working towards compliance, are liable to fines and may ultimately lose the ability to accept payments from the above card brands.

Who does PCI DSS apply to?

PCI DSS applies to all organizations that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), or whose systems could affect the security of that data. CHD is the primary account number (PAN) together with the cardholder name, expiry date and service code; SAD is full track data, card verification codes (CVV2/CVC2/CID) and PINs or PIN blocks, which must never be retained after authorization, even in encrypted form. Examples of in-scope organizations include merchants, processors, acquirers, issuers and service providers.

Organizations that outsource payment operations remain responsible for ensuring that all account data handled by contracted third parties is suitably protected, which includes keeping written agreements with each provider and monitoring each provider's PCI DSS compliance status at least annually.

PCI requirements

PCI DSS is organized around six control objectives. These are split across twelve requirements, each incorporating a range of preventive, detective and directive controls.

The six PCI DSS control objectives, under which the twelve requirements are grouped:

Build and maintain a secure network and systems

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy

How BASHtell supports PCI DSS requirements

As a provider of managed security services, BASHtell has experience helping businesses achieve PCI compliance. Our range of security assessment, threat detection and incident response services help organizations meet and exceed the requirements of this and other data security standards.

Our PCI DSS services include:

Managed vulnerability scanning

Penetration testing

Proactive network and endpoint monitoring

Cyber incident response

Risk assessments and consultancy

Learn more about our PCI DSS services

Contact our data security experts to discuss your compliance needs