What is PCI DSS compliance?

AndDone uses PCI DSS compliance to keep data safe.

PCI DSS Basics

PCI DSS stands for the Payment Card Industry Data Security Standard. This standard was established by major credit card companies to ensure the protection of cardholder data and reduce the risk of security breaches. It is a set of 12 requirements that organizations must follow to achieve and maintain compliance with the standard. Compliance with PCI DSS helps to protect sensitive information and maintain the trust of customers and the security of transactions. 

Click here to learn what PCI DSS compliance means for sub-merchants.

Who Has to Comply?

  1. Member Banks, which include acquiring banks and card-issuing banks.
  2. Merchants, who accept major card brands, including Visa, Mastercard, American Express, and Discover.
  3. Service Providers, which are internet gateways, shopping cart vendors, and hosting companies.

The 12 Requirements

The 12 requirements of PCI DSS are essential guidelines that organizations follow to achieve and maintain compliance with the Payment Card Industry Data Security Standard. These requirements are designed to protect cardholder data and reduce the risk of security breaches. Let's take a closer look at each of the requirements:

  1. Install and maintain a firewall configuration: This requirement focuses on implementing and maintaining a robust firewall to protect cardholder data from unauthorized access.
  2. Do not use vendor-supplied defaults for system passwords: Organizations must change default passwords and ensure that strong, unique passwords are used to secure systems and devices.
  3. Protect stored cardholder data: This requirement emphasizes the importance of encrypting cardholder data when it is stored to prevent unauthorized access.
  4. Encrypt transmission of cardholder data across open (public) networks: Organizations must use encryption techniques to protect cardholder data transmitted over public networks, such as the internet.
  5. Use and regularly update antivirus software: This requirement highlights the need for organizations to deploy and update antivirus software to protect their systems from malware and other malicious threats.
  6. Develop and maintain secure systems and applications: Organizations must implement secure coding practices and regularly update their systems and applications to protect against vulnerabilities and security flaws.
  7. Restrict access to cardholder data: This requirement focuses on implementing access controls to ensure only authorized individuals can access cardholder data.
  8. Assign a unique ID to each person with computer access: Organizations must maintain a unique identification for every user with computer access to track and monitor their activities.
  9. Restrict physical access to cardholder data: This requirement emphasizes the need for physical security measures, such as access controls and surveillance systems, to protect cardholder data stored in physical locations.
  10. Track and monitor all access to network resources and cardholder data: Organizations must implement logging and monitoring mechanisms to track and review all access to network resources and cardholder data.
  11. Regularly test security systems and processes: This requirement emphasizes the importance of conducting regular security testing and vulnerability assessments to identify and address weaknesses or vulnerabilities.
  12. Maintain a policy that addresses information security for all personnel: Organizations must develop and maintain a comprehensive information security policy that outlines the responsibilities and requirements for all personnel.

It is important to note that the responsibilities for achieving PCI DSS compliance differ for AndDone, sub-merchants, and customers. AndDone, as a service provider, must comply with the requirements specified in their contracts with merchants and ensure that the necessary security measures are in place. On the other hand, sub-merchants are responsible for implementing and maintaining the required security controls to protect cardholder data. Customers play a vital role in maintaining the security of their payment card information by regularly monitoring their accounts and promptly reporting any suspicious activities.



If you need assistance or have further questions, please refer to our self-service Knowledge Base!