PCI DSS Compliance
Any business or company that stores, processes, or transmits payment cardholder data is required to adhere to the Payment Card Industry Data Security Standard (PCI DSS).
The Payment Card Industry Data Security Standard is an industry-led global standard that specifies an array of technologies and practices that are required to protect valuable cardholder data.
With rules governing everything from data encryption to network segmentation, meeting PCI DSS requirements can be difficult to achieve, let alone maintain. It is a continuous effort that can be both time-consuming and laborious.
Failure to follow PCI DSS requirements may leave you (and the companies you do business with) exposed to potential litigation and fines.
The goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect cardholder data wherever it is processed, stored, or transmitted. The security controls and processes required by PCI DSS are vital for protecting cardholder account data, including the PAN – the primary account number printed on the front of a payment card. Merchants and other service providers involved with card payment processing must never store sensitive authentication data after authorization. This sensitive data includes:
- information printed on a card
- information stored on a card’s magnetic stripe or chip
- the personal identification numbers entered by the cardholder
It is important to protect cardholders from the fallout of a data breach. Organizations also have self-interest at heart because penalties for non-compliance can be significant. An organization could end up prohibited from processing payment card transactions. If it isn’t prohibited, it may end up paying higher processing fees to run any transaction at all.
The penalties can be limitless, and the costs of a breach include:
- discovery and containment
- investigation of the incident
- attorney and legal fees
- loss of customer confidence
- lost sales and revenue
- brand degradation, etc.
PCI DSS applies globally to all entities that store, process, or transmit cardholder data, and it must be applied across your entire payment card transaction environment.
PCI DSS and its related security standards are administered by the PCI Security Standards Council. This council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating Organizations include merchants, payment card issuing banks, processors, developers and other vendors.
For companies to adhere to the requirements set by the PCI Security Standards Council, there are three steps to take:
- Assess – Identify cardholder data, taking an inventory of IT assets and business processes for payment card processing. Analyze them for vulnerabilities that could expose sensitive data.
- Remediate – If vulnerabilities are found, fix them. Companies should not store cardholder data unless it is needed.
- Report – Submit required remediation validation records and compliance reports to the acquiring bank and card brands that the company does business with.
Cube 6 Development’s PCI DSS solutions will help your company fulfill the requirements that are necessary to be in compliance with the standard.
The PCI DSS requirements apply to all payment card network members, merchants, and service providers that store, process, or transmit cardholder data. The main requirements are as follows:
Build & Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor & Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
What Our Clients Say About Us
The current Software product range offered by Cube 6 Development is innovative, practical and user friendly. With ongoing customer-base driven features and product support that is second to none, I have complete confidence when making any product investment decision.
Chief Executive Officer
Cube 6 Development Client Since 2012
It has been a real pleasure to work with Cube 6 Development. I have been extremely happy with their professionalism, quality of work and creative ideas. They are very focused on getting the job done in a timely manner, and have been great communicators. Cube 6 Development also has innovative ways to keep the development costs down, which is greatly appreciated. I highly recommend Cube 6 Development and will continue to do business with them on an ongoing basis.
Cube 6 Development Client Since 2014
When I decided to set up my first website, I had no idea where to begin. I didn’t know anything except that I wanted to be able to publish new entries to my website spontaneously and on my own. Cube 6 Development listened to my vision of the site, guided me through the creation process at my own pace and patiently answered all my questions. Even after the site was up and running Cube 6 Development were always available to answer my questions or teach me something new to make my work easier or make the site more professional and efficient.
Cube 6 Development gave me the skills and confidence to gradually take on more and more of the day-to-day activities for my site and I know that when I am ready to add more features to my site, Cube 6 Development will be there to help me every step of the way.