How to Keep Customer Card Data Safe with PCI-DSS


If you run any business that accepts any of the branded payment cards, you must comply with all 12 requirements stated by PCI-DSS. PCI-DSS stands for Payment Card Industry Data Security Standard. It applies to any business that accepts or stores any information related to a payment card, whether a credit card or a debit card. It is vital to note that failure to meet the PCI-DSS requirements may result in termination of your payment card processing privileges.

12 Requirements Set by PCI-DSS to Protect a Cardholder's Information

  1. Installation and maintenance of a firewall
  2. Development and maintenance of safe and secure systems
  3. Restricting access to cardholder data by business need-to-know
  4. Assignment of a unique ID to each person who gets access to a computer
  5. Restricting physical access to information that belongs to the cardholder
  6. Regular updates of antivirus software
  7. Using your own system passwords rather than the defaults supplied by vendors
  8. Encrypting data before it is transmitted over public channels
  9. Protecting and safeguarding stored cardholder data
  10. Performing regular testing of installed security systems and processes
  11. Tracking and monitoring network access along with access to cardholder information
  12. Maintaining an up-to-date information security policy

The smart way to meet these requirements, and thus secure your network, is a layered approach. You can use a combination of strong tools that provide rich functionality and have excellent reporting capabilities.

However, even after good software tools are in place, certain common areas remain where organisations find it very difficult to meet the compliance standards. They are listed below, each with a suggested solution to help you get them fixed.

Penetration Testing

The updated penetration testing requirements of PCI-DSS call for both network-layer and application-layer evaluations.

Tip: It is vital to perform this testing at least once a year and also after any significant change is made. The testers performing the penetration testing also need to be professionally qualified.

Vulnerability Scanning

Updated PCI-DSS requirements list quarterly scans as mandatory, and also require a scan after any significant changes are made. The scans need to be performed from both an internal and an external perspective. This kind of scanning is referred to as vulnerability scanning.

Tip: After performing a scan, you must fix the vulnerabilities found and rerun the scan. Record keeping is also a necessary task: you must keep records for every scan.
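The fix-rescan-record loop in the tip above, as an added example that is not part of the original article: it compares an initial scan with its rescan, reports what was remediated, what is still open and what is new, and builds a record entry for the scan file. The scan findings, host names and finding ids are constructed sample data (the `PLUGIN-xxxx` ids are placeholders, not real vulnerability identifiers), and treating medium severity and above as a failing result is this example's own threshold.

```python
"""Compare a vulnerability scan with its rescan and keep a record of both.

Added example, not code from the original article. Findings below are
constructed sample data; finding ids are placeholders.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str      # the scanner's id for the finding (placeholder values below)
    severity: str       # "critical", "high", "medium" or "low"

    def key(self):
        return (self.host, self.plugin_id)


# Severities that make a scan fail in this example (assumption of the example).
FAILING = {"critical", "high", "medium"}


def compare_scans(initial, rescan):
    """Return (remediated, still_open, new) between two scans of the same scope."""
    before = {f.key(): f for f in initial}
    after = {f.key(): f for f in rescan}
    remediated = [before[k] for k in before if k not in after]
    still_open = [after[k] for k in after if k in before]
    new = [after[k] for k in after if k not in before]
    return remediated, still_open, new


def scan_passes(findings):
    """A scan passes only when no finding of failing severity remains."""
    return not any(f.severity in FAILING for f in findings)


def scan_record(scan_id, scan_date, scope, initial, rescan):
    """Build a JSON-serialisable record documenting the scan, the fixes and the rescan."""
    remediated, still_open, new = compare_scans(initial, rescan)
    label = lambda f: f"{f.host}:{f.plugin_id}"
    return {
        "scan_id": scan_id,
        "date": scan_date.isoformat(),
        "scope": scope,
        "initial_findings": len(initial),
        "remediated": [label(f) for f in remediated],
        "still_open": [label(f) for f in still_open],
        "new_findings": [label(f) for f in new],
        "passed": scan_passes(rescan),
    }


# Constructed sample scans: one finding fixed, two still open, one newly found.
INITIAL = [
    Finding("web01.example.internal", "PLUGIN-0001", "high"),
    Finding("web01.example.internal", "PLUGIN-0002", "low"),
    Finding("db01.example.internal", "PLUGIN-0003", "critical"),
]
RESCAN = [
    Finding("web01.example.internal", "PLUGIN-0002", "low"),
    Finding("db01.example.internal", "PLUGIN-0003", "critical"),
    Finding("db01.example.internal", "PLUGIN-0004", "medium"),
]

if __name__ == "__main__":
    import json
    print(json.dumps(scan_record("scan-001", date(2024, 1, 15), "external", INITIAL, RESCAN), indent=2))
```

The record deliberately keeps the still-open and new findings next to the remediated ones, so the scan file shows not just that a rescan happened but why it still fails and what the next fix cycle has to address.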

Patch Management

PCI-DSS requirements specify that critical security patches must be applied within one month of their release. This aims to provide high security by fixing any known vulnerabilities.

Tip: Use automation to make the process easier. System configuration management software can be used to track patches and report non-compliance.
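The tracking-and-reporting part of the tip above, as an added example that is not part of the original article or of any particular configuration management product: given a patch release list and a per-host install record, it computes each patch's deadline under the one-month rule and reports the host/patch pairs that are late or overdue. The host names, patch ids, dates and the choice of 30 days for "one month" are all this example's own constructed assumptions.

```python
"""Report hosts that miss the one-month window for critical security patches.

Added example, not code from the original article. Inventory below is
constructed sample data; patch ids and host names are placeholders.
"""
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=30)   # "within one month" taken as 30 days (assumption)


def assess_patch(host, patch_id, released, installed, today):
    """Classify one host/patch pair: compliant, late, overdue or pending."""
    deadline = released + PATCH_WINDOW
    if installed is not None:
        # Installed after the deadline is still a compliance gap for the record.
        status = "compliant" if installed <= deadline else "late"
        days_overdue = 0
    elif today > deadline:
        status = "overdue"
        days_overdue = (today - deadline).days
    else:
        status = "pending"
        days_overdue = 0
    return {
        "host": host,
        "patch": patch_id,
        "deadline": deadline.isoformat(),
        "status": status,
        "days_overdue": days_overdue,
    }


def compliance_report(hosts, patches, today):
    """Assess every host against every known critical patch."""
    report = []
    for host, installs in hosts.items():
        for patch_id, released in patches.items():
            # A patch missing from the host's record counts as not installed.
            installed = installs.get(patch_id)
            report.append(assess_patch(host, patch_id, released, installed, today))
    return report


def non_compliant(report):
    """Only the entries that need action or an exception record."""
    return [r for r in report if r["status"] in ("late", "overdue")]


# Constructed sample inventory: release dates per patch, install dates per host.
PATCHES = {
    "PATCH-2024-001": date(2024, 3, 1),
    "PATCH-2024-002": date(2024, 3, 20),
    "PATCH-2024-003": date(2024, 4, 20),
}
HOSTS = {
    "pos01.example.internal": {"PATCH-2024-001": date(2024, 3, 10),
                               "PATCH-2024-002": date(2024, 4, 25),
                               "PATCH-2024-003": date(2024, 4, 22)},
    "pos02.example.internal": {},
    "web01.example.internal": {"PATCH-2024-001": date(2024, 3, 5)},
}
TODAY = date(2024, 4, 30)

if __name__ == "__main__":
    for row in non_compliant(compliance_report(HOSTS, PATCHES, TODAY)):
        print(f"{row['host']:25} {row['patch']:16} {row['status']:9} "
              f"deadline {row['deadline']} overdue {row['days_overdue']}d")
```

Treating an absent record as "not installed" rather than skipping it is the safer default: a host that silently drops out of the inventory should show up in the report, not disappear from it.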

Last word: It is critical to note that compliance is a continuous process that must be carried out throughout the year.
