PCI DSS compliance? It's not for me, I don't even know what that is.
So when was the last time you used your debit or credit card? Yesterday maybe? Well, I did; I paid my cellular bill online. Most of us use our cards either to buy online from e-commerce sites or to swipe them in a shop. Does the merchant store or save your card information? You can't say for sure now, can you? When was the last time you were asked, while making the transaction, "Do you want to store your card information for future transactions?"
So the Payment Card Industry Data Security Standard (PCI DSS) is the standard that sets out how cardholder data must be protected, and it includes extensive requirements on securing privileged accounts in cardholder data environments. It is maintained by the PCI Security Standards Council, an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to know that the payment brands and acquirers, not the Council, are responsible for enforcing compliance. So if your merchant is saving your card information, is he compliant to do so? Under the standard he may store the card number (the PAN) only if it is protected, and he may never keep the sensitive authentication data (the full magnetic stripe or chip data, the CVV/CVC security code or the PIN) after the transaction has been authorised, even in encrypted form.
So the PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. So what does the security of an organization that accepts and stores card payments look like?
First off, the very basics:
1. Firewalls - robust enough to isolate the systems that handle cardholder data from untrusted networks, yet effective without causing undue inconvenience to cardholders or vendors.
2. Encryption - stored cardholder data (the card number above all) must be rendered unreadable, and cardholder data must be encrypted whenever it crosses open, public networks. The same protection is good practice for repositories of other sensitive personal data such as dates of birth, mothers' maiden names, Emirates ID numbers, phone numbers and mailing addresses.
3. Vulnerability assessments and ethical penetration testing, both internal and external, should be conducted regularly to close the door on exploits through which cardholder data could be stolen or altered. Patches offered by software and operating system (OS) vendors should be installed promptly to keep vulnerability management at the highest possible level.
4. PAM - Privileged access management: access to system components and cardholder data is restricted to those with a business need to know, every user gets a unique ID, and privileged and remote access is controlled and logged.
5. Continuous monitoring - networks are constantly monitored, all access to cardholder data is logged, and security controls are regularly tested to ensure they are in place, functioning properly and kept up to date.
6. Policies and procedures - an information security policy that everyone knows, with enforcement measures such as audits and consequences for non-compliance, to make sure you stay compliant and that other people's information is kept secure.
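To make item 2 concrete, here is an added example (my own illustration for this post, not code from the PCI Security Standards Council or from DTS Solution) of the first check a practitioner runs in a cardholder data environment: scan logs and database exports for card numbers that should not be sitting there in the clear, mask them the way the standard allows (at most the first six and last four digits visible), and derive a keyed lookup token so the full PAN never has to be kept for later matching. The log lines, the key and all function names are constructed for the example; the two card numbers are published test numbers, not real cards.

```python
import hashlib
import hmac
import re

# A card number (PAN) is 13 to 19 digits, often written with spaces or dashes.
# The look-around assertions stop us matching a slice of a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that every payment card number passes; it filters out
    order numbers, timestamps and similar digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs (digits only) present in text."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = _digits_only(m.group(0))
        if luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(pan: str) -> str:
    """Mask a PAN so that at most the first six and last four digits remain,
    the most the standard lets you show to staff without a business need to see more."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact_line(line: str) -> str:
    """Replace every Luhn-valid PAN in a line with its masked form; leave other digit runs alone."""
    def _mask(m: re.Match) -> str:
        digits = _digits_only(m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(_mask, line)


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the full PAN. An unkeyed hash would be
    brute-forceable because there are only around 10^15 plausible card numbers;
    the key must be stored separately from the tokens (ideally in an HSM)."""
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


# Constructed sample log (hypothetical application output, not taken from any real system).
SAMPLE_LOG = [
    "2024-05-01 10:12:03 INFO order=A1001 pan=4111 1111 1111 1111 amount=129.00",
    "2024-05-01 10:12:05 DEBUG gateway response: card=378282246310005 status=approved",
    "2024-05-01 10:12:06 INFO customer phone=+971 50 123 4567 ref=4111111111111112",
]


def scan_log(lines: list[str]) -> dict[int, list[str]]:
    """Map line number -> PANs found, so each finding can be raised as an audit item."""
    return {n: pans for n, line in enumerate(lines, 1) if (pans := find_pans(line))}


if __name__ == "__main__":
    key = b"demo-key-keep-the-real-one-in-an-hsm"   # placeholder key for the example only
    for n, pans in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: {len(pans)} PAN(s) in clear text")
        for pan in pans:
            print(f"  masked {mask_pan(pan)}  token {pan_token(pan, key)[:16]}...")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Running it flags lines 1 and 2 of the sample and leaves line 3 alone: the phone number is too short to be a PAN and the 16-digit reference fails the Luhn check, which is exactly why the scanner should never rely on the digit pattern alone. In practice the same scan is pointed at log archives, backups and database dumps, because the PAN that compliance forgets about is usually the one that leaked into a debug log.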
Worth a thought, right?
Do you have these basic security measures in place? If you would like to know more, please visit https://www.dts-solution.com/services/compliance-consulting/pci-dss/
Or reach out to me at [email protected]