What is the PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance credit card account data security. PCI DSS controls provide a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with credit card account data, PCI DSS can also be used to bolster security and protect other elements in the financial ecosystem.
PCI DSS controls cover any business that:
- Processes digital transactions and payments using cards
- Stores credit card data
- Transmits cardholder information to another entity
- Has contact with protected cardholder data
What Is the Need For the PCI DSS?
Merchants that handle credit card information are a popular target for financial fraud. Lax security by merchants enables criminals to quickly steal and use personal consumer information from payment card transactions and processing systems.
Since online merchants so commonly deal with credit card transactions, they must use standard security procedures and technologies to prevent the theft of cardholder data. PCI controls are essential for account protection.
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally.
The PCI requirement list was developed to issue guidelines in these areas:
- Building and Maintaining a Secure Network and Systems
- Protecting Account Data
- Maintaining a Vulnerability Management Program
- Implementing Strong Access Control Measures
- Regularly Monitoring and Testing Networks
4 Common Vulnerability Sources Covered by the PCI DSS Standard
The PCI DSS covers merchant-based vulnerabilities that appear anywhere in the card-processing environment, including these four common vulnerability sources:
- point-of-sale devices including mobile devices, tablets, and personal computers
- wireless hotspots
- web shopping applications
- the transmission of cardholder data to third-party service providers or in remote access connections
What is a Point-of-Sale (POS) Device?
Your point-of-sale system is the hardware and software that enable your business to process sales and credit card transactions. Just a few years ago, a POS referred to a cash register, but today modern POS systems are well ahead of traditional cash registers in their technological capacity. Very often, POSs used today are simply tablets or phones connected to the internet that have credit card processing apps installed on them.
Vulnerabilities may also extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards. Compliance with the PCI DSS helps to alleviate these vulnerabilities and protect cardholder data.
Centraleyes provides a built-in PCI DSS questionnaire and has mapped it back to its control inventory, allowing it to share data across multiple frameworks through the platform, which saves time and money and yields more accurate data.
Schedule a demo to see how we can pave the way to PCI DSS compliance.