Ensure PCI Compliance with Automated PCI Compliance Management Solution
The good old days of paying in cash are definitely over, as plastic cards replace paper money. Today
people carry many different kinds of cards in their wallets, namely debit cards, credit cards, prepaid cards,
e-purse cards, ATM cards, and POS cards. People use cards for every kind of monetary transaction: over
the Internet, over the phone, and even in person. Though the use of cards has made life easier, it has also made
it less secure.
The number of complaints received by the Federal Trade Commission (FTC) in the year 2011 serves as
proof. Of the 1.8 million complaints received, 15% concerned fraud and identity theft, which includes data
breaches associated with cards. This definitely proves the need for all members of the payment card
industry, such as financial institutions, credit card companies and merchants, to comply with PCI.
The Payment Card Industry Data Security Standard (PCI DSS) was established to protect cardholder
data and prevent identity theft. Under this policy, all entities accepting, storing or transmitting credit card data
had to be PCI compliant. It originally began as five separate security programs run by five major card brands,
namely Visa (Visa Card Information Security Program), American Express (American Express Data
Security Operating Policy), MasterCard (MasterCard Site Data Protection), JCB (JCB Data Security
Program) and Discover Card (Discover Information and Compliance). In 2006, they decided to bring
the separate policies and procedures under one single umbrella called the PCI DSS.
For companies and organizations to be PCI compliant, they need to adhere to the 12 security
requirements specified within the PCI DSS. The following is a list of the 12 security requirements.
1. Members of the payment card industry must install and effectively maintain a firewall
configuration to protect sensitive cardholder data.
2. For system passwords and other security parameters, the defaults supplied by the vendor must
never be used.
3. Adequate measures need to be taken to protect stored cardholder data.
4. When transferring cardholder data across open public networks it is to be ensured the data is
5. It is to be ensured that all systems have the current updated version of the antivirus software.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data to those persons who genuinely need the information.
8. Assign a unique ID to each person accessing the computer systems containing cardholder data.
9. Restrict physical access to cardholder data.
10. All access to network resources and cardholder data must be regularly tracked and monitored.
11. Test security systems and processes regularly.
12. Maintain a policy that addresses information security and adhere to it.
Companies can ensure a future-proof compliance solution by investing in an automated PCI compliance
management solution that is constantly updated with the latest versions and revisions of the standard.