These standards were established in 2006 by MasterCard, Visa, JCB, Discover and American Express. Before these five major card brands teamed up and set the standards, each card issuer followed its own policies. Currently there are six major categories of PCI standards that retailers need to meet if they want to be deemed compliant.
1. Secure Network
First, the merchant will be required to maintain a secure network. This refers to any network that cardholder information is exposed to. For example, online businesses need to make sure their web servers are secure, since web servers are the systems most exposed to attackers. Even so, there is more to this. Does your business network have effective security measures in place? Do you store cardholder information on a computer that you use on public networks? In other words, when any sensitive data about a cardholder is kept on a PC that is connected to a public network, the business must have a firewall installed on that computer.
2. Protect Cardholder Data
This particular category of PCI standards has to do with the storage and transmission of cardholder information. Businesses that have taken on the responsibility of keeping cardholder information must protect that data, which means making sure that not everyone can access it. Companies that store credit card information usually store it as encrypted data, so that even if a person manages to access the stored records, he or she will not be able to decrypt or decipher them. When a consumer makes a purchase online, his or her credit card information is transmitted across the internet. For this reason, the cardholder information must also be encrypted in transit in order to meet this standard.
3. Maintain a Vulnerability Management Program
This typically refers to keeping your systems up to date. Security breaches can be reduced by regularly updating antivirus software, operating systems and computer hardware. Running regular scans to confirm that the computer is free of known vulnerabilities is another key requirement of this particular standard.
4. Regularly Monitor and Test Networks
Companies need to monitor and test the networks that store cardholder data. There are several security testing and auditing services available that can help businesses with this. ScanAlert’s Hacker Safe Scan Program is one of the best programs available on the market, and it can help businesses fix security issues as they arise.
5. Implement Strong Access Control Measures
When it comes to protecting cardholder data, the human element is one of the most exploited weaknesses in security, and it is almost impossible to control completely. In order to meet this standard, companies need to limit access to cardholder data to only the few people who need to use it.
6. Maintain an Information Security Policy
It is important for companies to come up with their own information security policy. They must define their own measures, specific to their business, that focus on protecting cardholder information.
It should be noted that the concept of PCI compliance is still new, meaning it is still evolving. At times, it can be confusing and overwhelming. Nevertheless, it is a crucial and compulsory step in ensuring the protection of cardholders everywhere.
ImGlobal Payments maintains a PCI Compliant payment gateway for secure transactions.