What is PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a proprietary information security standard comprising technology requirements and process requirements designed to prevent fraud when handling credit card information. All companies who handle credit cards are subject to this standard.
To be PCI DSS compliant, organizations must meet twelve PCI DSS requirements. Reflection aids compliance with requirements 3,4,6,7 and 10.
|PCI DSS Requirements
|Install and maintain a firewall configuration to protect cardholder data.
|Do not use vendor-supplied defaults for system passwords and other security parameters.
|Protect stored cardholder data.
|Encrypt transmission of cardholder data across open, public networks.
|Use and regularly update antivirus software.
|Develop and maintain security systems and applications.
|Restrict access to cardholder data by business need-to-know.
|Assign a unique ID to each person with computer access.
|Restrict physical access to cardholder data.
|Track and monitor all access to network resources and cardholder data.
|Regularly test security systems and processes.
|Maintain a policy that addresses information security.