How to meet the latest payment card industry data security standards
If your business transmits, processes or stores credit card data, you need to protect this highly sensitive information, meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS), achieve compliance and then maintain it. Failure to introduce and maintain appropriate payment security standards can result in significant fines for your organization and serious reputational and financial damage.
Putting in place the range of controls needed to achieve compliance with the latest PCI DSS can place a strain on your organization’s resources. As a leading provider of managed security services, BASHtell can help your organization understand and implement the technical and operational controls needed to fulfill the latest PCI requirements.
What is PCI DSS?
The PCI DSS is a minimum set of technical and organizational requirements designed to help businesses protect customers’ cardholder data against theft and fraud through robust payment security.
All organizations that accept or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management.
PCI DSS is enforced by the PCI Security Standards Council, American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.
Organizations deemed to fall short of required payment security standards, or those who are not working towards achieving compliance, are liable to receive a fine or even lose the opportunity to accept credit card payments from the above credit card brands.
Who does PCI DSS apply to?
The PCI DSS applies to all organizations that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Examples of such organizations include merchants, processors, acquirers, issuers and service providers.
Organizations that outsource payment operations remain responsible for ensuring that all account data processed by contracted third parties is suitably protected.
The PCI DSS encompasses six key objectives. These objectives are split across a set of 12 requirements, each incorporating a range of preventive, detective and directive controls.
Key PCI DSS requirements: