The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The PCI Security Standards Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.
If you store, process, or transmit credit card transactions, you must be able to demonstrate that you are PCI DSS compliant. Organizations that must comply include merchants, merchant acquirers, payment processors, payment gateways and hosting service solution providers.
If you fail to comply, you could be barred from processing credit card transactions or forced to pay higher processing fees. In the event of a serious security breach, you could also face fines of up to $500,000 and criminal charges.
Compliance with PCI DSS may require changes to procedures around handling credit card information and other sensitive data, as well as implementing other security procedures.
ITarang can help your business get certified for PCI Compliance through consulting provided by our in-house audit and security PCI compliance experts. Our experts will guide you through a step-by-step approach towards making your business fully compliant with PCI security standards. We will assist you in underlining your business security requirements and in managing certification, either through a self-assessment audit or by coordinating the engagement of an independent Qualified Security Assessor.
PCI Compliance Assessment - Tarang will undertake to assess the functional roles in your company's internal departments and subsequently arrange for cross-functional meetings and multiple planning sessions comprised of functional stakeholders both internal and external. Thus, we will scope the project domain to determine the systems, technology, and processes that pertain to processing, storage, and transmission of sensitive financial cardholder data & information.
The roadmap to PCI compliance will consist of milestones such as:
The objective of the Pre-Audit Assessment is to identify gaps in compliance and underline priorities for PCI certification. Tarang will work hand-in-glove with your business to review all systems, policies, processes, and procedures under the PCI cloud consisting of