
PCI Compliance & PCI Standards
The Payment Card Industry Data Security Standard
12 steps to reduce risk, maximize PCI compliance & stop ID theft
The Payment Card Industry Data Security Standard (PCI) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council. The standard was created to help organizations that process card payments prevent credit card fraud through increased controls over cardholder data and its exposure to compromise.
Who must comply with (PCI)?
The standard applies to all organizations that hold, process, or pass cardholder information from any card branded with the logo of one of the card brands. PCI defines a 12-step process that vendors need to adhere to in order to show that they are taking the necessary steps to prevent unauthorized online access to, or compromise of, their card processing data. Failure to achieve PCI compliance could cause a retailer to face substantial penalties (up to $500,000), depending on the volume of transactions processed.
Fraud Fighter™, a division of UVeritech, enables organizations that process credit card payments to go a step beyond PCI compliance requirements by (a) validating the identification of the person presenting a credit card, (b) authenticating the credit card itself, and (c) in locations where high-volume credit card processing occurs, capturing an image of the identification document and storing it in an encrypted file for later retrieval should a fraudulent transaction occur.
PCI’s “12 Step Process”
| Goal | Requirement | Description |
|---|---|---|
| Build and Maintain a Secure Network | Requirement 1 | Install and maintain a firewall configuration to protect data |
| | Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | Requirement 3 | Protect stored data |
| | Requirement 4 | Encrypt transmission of cardholder data and sensitive information across public networks |
| Maintain a Vulnerability Management Program | Requirement 5 | Use and regularly update anti-virus software |
| | Requirement 6 | Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | Requirement 7 | Restrict access to data by business need-to-know |
| | Requirement 8 | Assign a unique ID to each person with computer access |
| | Requirement 9 | Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | Requirement 10 | Track and monitor all access to network resources and cardholder data |
| | Requirement 11 | Regularly test security systems and processes |
| Maintain an Information Security Policy | Requirement 12 | Maintain a policy that addresses information security |
