PCI DSS (the Payment Card Industry Data Security Standard) is an information security standard that aims to secure credit, debit and prepaid card transactions in organisations that store, process or transmit cardholder data. Its primary objective is to reduce payment card fraud by protecting cardholder data. The standard sets out 12 requirements, which are divided into 6 groups termed 'control objectives'. The 6 groups are:
1. Build and maintain a secure network and systems. Install and maintain a firewall configuration that isolates the cardholder data environment and protects cardholder data (Requirement 1), and do not use vendor-supplied defaults for system passwords and other security parameters (Requirement 2). Default accounts and passwords should be changed or removed before a system is connected to the network.

2. Protect cardholder data. Under PCI DSS, cardholder data means the primary account number (PAN) together with the cardholder name, expiration date and service code; sensitive authentication data (full track data, card verification codes and PINs) must never be stored after authorisation. Personal details such as dates of birth, social security numbers, phone numbers and email addresses are not cardholder data under PCI DSS, although other regulations may cover them. Stored cardholder data must be protected, for example by rendering the PAN unreadable wherever it is stored (Requirement 3), and cardholder data must be encrypted with strong cryptography whenever it is transmitted over open, public networks (Requirement 4).

3. Maintain a vulnerability management program. Use anti-virus software on all systems commonly affected by malware and keep it current, actively running and generating audit logs (Requirement 5), and develop and maintain secure systems and applications by applying vendor security patches promptly and following secure coding practices (Requirement 6).

4. Implement strong access control measures. Restrict access to cardholder data to those with a business need to know (Requirement 7), assign a unique ID to each person with computer access and authenticate every access (Requirement 8), and restrict and monitor physical access to the cardholder data environment using appropriate facility entry controls (Requirement 9).

5. Regularly monitor and test networks. Track and monitor all access to network resources and cardholder data (Requirement 10), and regularly test security systems and processes, for example through vulnerability scans and penetration tests, to confirm that controls are in place, up to date and operating properly (Requirement 11).

6. Maintain an information security policy. Define, maintain and follow a policy that addresses information security for all personnel, reviewed and updated at least annually (Requirement 12). The policy must include an incident response plan so that a system breach can be responded to immediately.
Companies that fail to meet these requirements are at greater risk of a breach in which payment card data is stolen. HLB Hamt assists clients in achieving PCI DSS compliance and certification: we analyse cardholder data flows and advise companies on the measures needed to safeguard cardholder data.