Is your Business PCI Compliant?
PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to ensure that companies handle cardholder data in a secure environment. It applies to any organisation that stores, processes or transmits cardholder data, and it sets out the technical and operational requirements such organisations must have in place.
PCI DSS groups its requirements into six categories:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
These six categories contain 12 requirements, each broken down into sub-requirements, designed to ensure companies have the right controls and procedures in place to safeguard cardholder data.
Some of the requirements overlap with Cyber Essentials, so controls or procedures that are already in place for one may count towards the other.
The requirements are a mixture of technical controls and procedures. These include security policies, network segmentation (keeping the cardholder data environment separate from the rest of the network), encryption of stored cardholder data, secure software development and testing, penetration testing, vulnerability scanning and many more.
Achieving PCI DSS compliance demonstrates that a business takes security seriously, and this can be publicised by displaying the PCI DSS compliance certificate in the office reception, on the website, in email signatures and on stationery. PCI DSS compliance also provides many of the foundation security controls required by other standards and certifications, such as ISO 27001 and Cyber Essentials. It will additionally help companies prepare for the EU General Data Protection Regulation (GDPR), which applies from 25th May 2018; from that date all UK businesses that process personal data are required to comply. Note that PCI DSS covers the security of cardholder data only, so it supports but does not by itself satisfy the wider obligations of GDPR.
For further information regarding PCI DSS, Cyber Essentials, GDPR, or any of our other security products and services, please call one of our security experts on 0345 450 9393.