PCI Compliant Web Hosting Cheap PCI Compliant Hosting

Payment Card Industry Requirements


In order to meet PCI DSS requirements there are 12 main sections you have to be familiar with in order to help protect the credit card data of your customers and clients. Each of the 12 main sections has subsections with additional requisites you need to follow. You can find the official specifications here: payment card industry requirements.

There is a lot to go through when viewing the PCI security standards for the first time, but we recommend you follow the old adage, "How do you eat an elephant? One bite at a time." Work on one item at a time, and once you have fulfilled that, go on to the next one.

Here are some more details on Payment Card Industry Compliance Requirements. The notations under each requirement are meant to be a guide and give you a starting point; it is advised that you consult a certified security professional, approved scanning vendor (ASV), and/or qualified security assessor (QSA) before implementing any suggestions in the below documents in a production environment.

Build and Maintain a Secure Network

PCI Section 1 Requirements: Install and maintain a firewall configuration to protect cardholder data
PCI Section 2 Requirements: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

PCI Section 3 Requirements: Protect stored cardholder data
PCI Section 4 Requirements: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

PCI Section 5 Requirements: Use and regularly update anti-virus software
PCI Section 6 Requirements: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

PCI Section 7 Requirements (Coming Soon): Restrict access to cardholder data by business need-to-know
PCI Section 8 Requirements (Coming Soon): Assign a unique ID to each person with computer access
PCI Section 9 Requirements (Coming Soon): Restrict physical access to cardholder data

Regularly Monitor and Test Networks

PCI Section 10 Requirements (Coming Soon): Track and monitor all access to network resources and cardholder data
PCI Section 11 Requirements (Coming Soon): Regularly test security systems and processes

Maintain an Information Security Policy

PCI Section 12 Requirements (Coming Soon): Maintain a policy that addresses information security



12 Payment Card Industry Requirements

Be sure to check back regularly, as the PCI rules change from time to time. The PCI Security Standards Council recently changed from a 2 year life cycle to a 3 year life cycle for the PCI DSS requirements. The new version, PCI DSS 2.0, will be released at the end of September 2010, and therefore the next new version of the PCI standards will be out in 2013.

Once you have addressed all the elements of the payment card industry's regulations and resolved any concerns with your hosting provider or security consultant, you will find you have a safer and more secure environment for your business and your customers. You are also doing your part to make the Internet as a whole safer and to protect the ecommerce industry and the safe use of credit cards online. No matter how large or small your company is, or what level PCI merchant you are, you will definitely benefit from becoming PCI compliant.