PCI DSS stands for Payment Card Industry Data Security Standard.
Security of cardholder data has become one of the biggest issues facing the payment card industry. PCI DSS is a set of regulations developed jointly by the leading card schemes to prevent cardholder data theft and to help combat credit card fraud.
The key requirements of PCI DSS are:
- Build and Maintain a Secure Network
• Install and maintain a firewall configuration to protect cardholder data
• Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
• Protect stored cardholder data
• Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
• Use and regularly update anti-virus software
• Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
• Restrict access to cardholder data by business need-to-know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
• Track and monitor all access to network resources and cardholder data
• Regularly test security systems and processes
- Maintain an Information Security Policy
• Maintain a policy that addresses information security
To learn more about PCI DSS, please visit http://www.pcisecuritystandards.org/
Compliance with PCI DSS is mandatory for any organization that stores, transmits or processes payment card transactions. TNS is a PCI DSS certified service provider. Read a summary of TNS' PCI DSS compliance status.
The PCI Security Standards Council Participating Organization logo is a trademark or service mark of The PCI Security Standards Council in the United States and in other countries.