PCI DSS - Payment Card Industry Data Security Standard
PCI DSS - Payment Card Industry Data Security Standard is a set of policies and procedures that are intended to optimize the security of credit card transactions and protect cardholders against misuse of cardholder information.
With the growing trend of payments going cashless and moving into cyberspace, there is a need to secure the environments that accept such ePayments. Adopting relevant standards and best practices can enhance the security and quality of payment systems and make electronic payments secure for all. The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard, American Express, Discover, and JCB.
What is PCI DSS?
PCI DSS was established to protect cardholder data and to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI DSS applies to:
- Service providers such as ePayments service providers, VANs
PCI DSS groups its requirements under the following goals:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
How can DNV GL help?
As a Qualified Security Assessor, DNV GL can help organizations comply with the PCI DSS standard through a continuous process:
- Assess: Identifying cardholder data, taking an inventory of IT assets and business processes for payment card processing, and analyzing them for vulnerabilities.
- Remediate: Fixing vulnerabilities and eliminating the storage of cardholder data unless absolutely necessary.
- Report: Compiling and submitting required reports to the appropriate acquiring bank and card brands.