PCI DSS Certificate
The PCI DSS standard (Payment Card Industry Data Security Standard) is a set of security requirements for cardholder data that is stored, transmitted and processed in the information infrastructures of organizations.
The primary objectives of the PCI DSS standard are to secure the network infrastructure and to protect cardholder data, as these are the weakest spots and carry a direct threat of confidentiality breaches and loss of money.
Companies such as VISA and MasterCard require the trading enterprises and various service providers that accept customer payments through these payment systems to comply with the PCI DSS standard, as assurance that their clients’ funds are safe.
The PCI DSS standard regulates the operating rules of payment systems as well as their development and monitoring procedures.
The PCI DSS standard requirements apply to trading companies, banks, service providers of all kinds, retail stores, call centers, payment gateways and other enterprises and organizations that process, transmit or store cardholder data.
The standard contains only 12 clear and detailed requirements. Let’s enumerate all of them.
- Data-processing network security;
- Configuration of the information structure components;
- Stored cardholder data protection;
- Transmitted cardholder data protection;
- Anti-virus information infrastructure protection;
- Information system development and support;
- Cardholder data access control;
- Authentication mechanisms;
- Physical protection of the information infrastructure;
- Information security management;
- Event and action logging;
- Information infrastructure security.