+971 4 327 7775 dubai@hlbhamt.com
Payment Card Industry Data Security Standard

PCI DSS is an information security standard that aims to optimize the security of credit, debit and cash card transactions in organisations. The primary objective of the Payment Card Industry Data Security Standard is to reduce fraud by protecting the personal information of cardholders. According to the PCI Data Security Standard, there are 12 compliance requirements, which are divided into 6 groups termed ‘control objectives’. The 6 groups are:

Building and maintaining a secure network

A firewall configuration provides a secure network and protects cardholder data without causing any sort of inconvenience to users. Also, vendor-supplied defaults must not be used for system passwords and PINs.

Protecting Cardholder Data

Cardholder data, which includes dates of birth, names, social security numbers, phone numbers and email IDs, should be protected. Effective encryption of data is a must when it is transmitted over public networks.

Vulnerability Management

Anti-virus software should be used on all systems commonly affected by malware and it should be updated on a regular basis. It must be ensured that applications are free of bugs and vulnerabilities.

Implementing control on Access to system information

Access to cardholder data should be controlled, and each person who has access to a computer should be provided with a unique ID. Physical access to cardholder data should be monitored and restricted in the cardholder data environment by using appropriate facility entry controls.

Monitoring and testing networks

Constant monitoring and testing of networks is mandatory as it ensures that all security measures and processes are in place, up-to-date and are operating properly.

Maintaining an Information Security Policy

Organisations must define, maintain and follow a security policy, which must be reviewed and updated regularly. Implementing an incident response plan can be helpful in responding to system breaches instantly.

Companies that fail to meet the compliance requirements stated above are at risk of losing payment card data or having their information stolen. HLB Hamt assists its clients in achieving PCI DSS compliance and certification. We analyse cardholder data flow and advise companies on the measures that need to be taken to safeguard the personal information of cardholders.
