Pin Me

PCI Compliance, The Basics

written by: Andy Malburg•edited by: Bill Bunter•updated: 1/28/2011

All around the world there are major security breaches that affect both the stability and profitability of small businesses. PCI compliance is a major issue that all businesses need to be concerned about.

  • slide 1 of 1


    PCI Compliance, the basics:

    Being a network engineer for a company definitely has its ups and downs. My last job that I had was very heavily involved in a topic called PCI Compliance. Essentially, any merchant who accepts a consumer’s credit card information should adhere to these 12 specific “rules”. This standard was brought about by the major credit card companies to try and get a general rule by which to protect consumer credit card data. The 12 points of the PCI DSS (Payment Card Industry Data Security Standard) are as follows:

    Secure Network:

    1. Protect all data through the implementation of a Firewall on the network where the data is.

    2. Do not use ANY default passwords that come on any network devices

    Protect Cardholder Data:

    3. Protect all cardholder data

    4. Encrypt the transmission of all data that goes over public networks

    Maintain a vulnerability program:

    5. Use and regularly update an anti-virus software program on all machines that have cardholder data.

    6. Develop and maintain secure systems and applications

    Implement strong access control measures:

    7. Restrict access to the data by using file protection to specific people who “need to know”

    8. Every person who has a login to a system with data must have a unique “login”

    9. Physical access to the data must be restricted to people who “need to know”

    Regularly monitor and test network:

    10. Track and monitor all access to the systems that have the cardholder data

    11. Regularly test the security of the network

    Maintain an Information Systems Security policy.

    12. Maintain a policy that will address all aspects of the network in regards to protecting cardholder data.

    In the next article we will expand upon this subject by talking about the importance of this standard and how it can affect businesses who do not take the necessary precautions.