
Introduction To PCI DSS Transcript

PCI DSS v4.0


The Payment Card Industry Data Security Standard, or PCI DSS, is a set of
requirements that provide clear and common standards for protecting cardholder
data. These requirements apply internationally and to any entity that stores,
processes, or transmits cardholder data. As our organization handles cardholder
data, we must follow those requirements.

Cardholder data includes the payment card number (known as a Primary Account
Number, or PAN) and any associated account information, including the
cardholder’s name, the payment card’s expiration date, the three or four-digit
verification code, and any other authentication data related to the cardholder.

It is important to note that as an international standard, the PCI DSS may be
superseded by local laws and regulations. If you are unsure if a requirement applies
to you in your current location, check with our compliance team or legal counsel.
Also, PCI DSS represents the minimum requirements to be compliant and handle
cardholder data. More stringent guidelines may be appropriate based on your risk.
PCI DSS is composed of both technical and operational requirements, including:

Build and maintain a secure network and systems

Protect cardholder data

Maintain a vulnerability management program

Implement strong access control measures

Regularly monitor and test networks

Maintain an information security policy


PCI DSS includes requirements for information systems, but also for the handling,
access to, and storage of physical cardholder data. PCI DSS has over 200 total
requirements, but only some of them will be directly applicable to you in your
current job. Additionally, compliance with PCI DSS will require either external
audits or internal reviews.

Most of the requirements are based on common sense practices to protect customer
cardholder data. At a high level, we should follow these basic tenets:

Validate the security of the systems that handle our cardholder data with our IT
teams or vendors.

When using or storing cardholder data, use it to authorize the card and only
maintain that data for as long as it’s needed. We should not hold cardholder data
for extended periods of time. This includes both hard copies (printouts) and
electronic copies.

Limit access to cardholder data to only those people who need it.

If we capture the Card Verification Code (the 3- or 4-digit number, depending on
card brand, used for card-not-present transactions) or magnetic stripe data for
authorization, we MUST dispose of this data after card authorization.

Remember: our customers are relying on us to keep their data secure!
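The two handling tenets above (dispose of the verification code and magnetic stripe data once the card is authorized, and keep the remaining cardholder data only as long as needed) can be enforced in code. The following is an added example, not part of the transcript or any PCI SSC material; the field names, the 90-day retention window and the test card record are constructed assumptions.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# Sensitive authentication data (SAD): the tenets above require that it is
# disposed of once the card has been authorized.
SAD_FIELDS = ("cvc", "track_data")
# Assumed retention window for the remaining cardholder data (constructed value).
RETENTION = timedelta(days=90)


@dataclass
class AuthRequest:
    pan: str                          # Primary Account Number
    cardholder_name: str
    expiry: str                       # MM/YY
    cvc: Optional[str] = None         # 3- or 4-digit verification code
    track_data: Optional[str] = None  # magnetic stripe contents


def scrub_after_authorization(req: AuthRequest, authorized_at: datetime) -> dict:
    """Return the record that may be kept once authorization has completed.
    Every SAD field is dropped, and the record is timestamped for the retention check."""
    kept = {k: v for k, v in asdict(req).items() if k not in SAD_FIELDS}
    kept["authorized_at"] = authorized_at.isoformat()
    return kept


def audit_record(record: dict, now: datetime) -> list[str]:
    """List the tenets a stored record violates (an empty list means compliant)."""
    findings = [f"SAD field still present: {f}" for f in SAD_FIELDS if record.get(f)]
    age = now - datetime.fromisoformat(record["authorized_at"])
    if age > RETENTION:
        findings.append(f"retained {age.days} days, past the {RETENTION.days}-day window")
    return findings


def demo() -> tuple[dict, list[str], list[str]]:
    """Run the scrub and audit on one constructed (test) card record."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    req = AuthRequest(pan="4111111111111111", cardholder_name="Test Cardholder",
                      expiry="12/29", cvc="123", track_data="%B4111111111111111^TEST^2912?")
    kept = scrub_after_authorization(req, t0)
    clean = audit_record(kept, t0 + timedelta(days=10))
    # A record written before scrubbing was in place, checked after the window.
    stale = audit_record({**kept, "cvc": "123"}, t0 + timedelta(days=120))
    return kept, clean, stale
```

`audit_record` is the kind of check that can be run over a stored batch of records during an internal review to find SAD or over-retained data before an external assessor does.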
