The Payment Card Information Data Security Standard is an industry standard for securing cardholder data around the world. Anyone processing, storing or transmitting cardholder data must adhere to it if they want to use cards from the major payment card brands who created and adopted the standard.
The PCI DSS consists of 12 requirements, or demands, each made up of several more specific, related controls. For example, PCI Requirement 1 covers the construction and maintenance of a secure network infrastructure. Meeting this overall requirement entails confirming the presence of properly secured firewalls, routers and other applications to prevent unauthorized access to the cardholder data environment.
To help merchants, vendors and other entities undertaking the process of becoming PCI compliant, we created this handy 12-step PCI checklist culled from the PCI SSC Quick Reference Guide.
PCI Compliance Requirements Checklist
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel
When determining how best to meet these requirements, consider tokenization’s emergence as a stronger, simpler solution for PCI compliance. Tokenization captures payment card data before it even enters a merchant’s environment and then stores that data in a secure vault. This accomplishes two things: it saves businesses money by eliminating the need to pay for the hardware, software and internal systems required to perform network segmentation, and it increases security by making data inaccessible to thieves and hackers. In the event of a breach, the only things to be compromised are worthless tokens that cannot be used by hackers to retrieve the corresponding sensitive data.
This superior functionality provides an exciting alternative for entities looking to more efficiently and easily operate within PCI standards. For a comprehensive look at PCI controls – and which ones are covered by TokenEx’s cloud-based tokenization solution – download our Compliance and Solutions ebook here.