The Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
It specifies 12 requirements for compliance, organized into six logically related groups called "control objectives". The objectives and their requirements are as follows:
Build and maintain a secure network:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data:
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program:
- Use and regularly update antivirus software on all systems commonly affected by malware
- Develop and maintain secure systems and applications

Implement strong access control measures:
- Restrict access to cardholder data by business need-to-know
- Assign a...