PCI DSS Standard Compliance Services

On-Site Technology provides PCI DSS compliance services, including support for the SAQ A, SAQ A-EP, SAQ B-IP, SAQ C-VT and SAQ C self-assessment questionnaires.

History of PCI DSS Standard

The PCI DSS (Payment Card Industry Data Security Standard) is a global standard that establishes a baseline of technical and operational requirements for protecting payment card account data. The PCI Security Standards Council (PCI SSC) issued version 4.0 of the standard on March 31, 2022.

PCI DSS Standard Compliance

PCI DSS v3.2.1 has been superseded by v4.0

PCI DSS v4.0 replaces PCI DSS v3.2.1 in order to better address emerging threats and technologies and to provide more flexible ways of meeting the requirements. After the launch of v4.0, PCI DSS v3.2.1 remains in force for two years. This transition period, from March 2022 to March 31, 2024, is intended to give organizations time to familiarize themselves with the changes. In addition to the transition period during which both v3.2.1 and v4.0 are active, organizations must implement the new requirements that v4.0 initially identifies as best practices by March 31, 2025.

Who is Subject to PCI DSS?

PCI DSS requirements apply to all system components, including the people, processes and technologies that are included in or connected to the cardholder data environment, and to any storage, processing or transmission of cardholder data linked to that environment. All organizations that accept credit cards are required to meet a total of 12 PCI DSS requirements. How compliance must be validated depends on the type and volume of transactions the company processes and is determined by the acquiring bank. Layered cybersecurity services for your organization assist in fulfilling these requirements.

The 6 Control Objectives

Build and maintain a secure network and systems

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy

The 12 Requirements for Compliance

The twelve PCI DSS requirements for building and maintaining a secure network and systems can be summarized as follows:

Installing and maintaining a firewall configuration to protect cardholder data

Changing vendor-supplied defaults for system passwords and other security parameters

Protecting stored cardholder data

Encrypting transmission of cardholder data over open, public networks

Protecting all systems against malware and performing regular updates of anti-virus software

Developing and maintaining secure systems and applications

Restricting access to cardholder data to only authorized personnel

Identifying and authenticating access to system components

Tracking and monitoring all access to cardholder data and network resources

Testing security systems and processes regularly

Assistance with audits

Maintaining an information security policy for all personnel

Requirement Declaration


The requirement statement gives the core description of the requirement. PCI DSS compliance is validated against the proper implementation of these requirements.

Testing Processes


The testing procedures are the processes and methods the assessor carries out to confirm that a requirement has been properly implemented.

Guidance


The guidance explains the core purpose of the requirement and provides supporting content that helps define it correctly.

CONTACT US

Find out more about our PCI DSS Standard compliance services today.