What Is PCI DSS ?

About the PSI DSS, I want to introduce this term with a quote from in its documentation due to understandability and accuracy.

“The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).”

 

The Payment Card Industry Data Security Standard has been developed as a standard for e-commerce systems with new versions developed by the increasing use of internet shopping and the security gaps that credit cards have brought on this spread. There are some to compatibility requirements for standart. We can categorize them as follows.

 

What Are Requirements ?

 

Build and Maintain a Secure Network and Systems

Install and maintain a firewall configuration to protect cardholder data  

Do not use vendor-supplied defaults for system passwords and other security parameters

 

Protect Cardholder Data

Protect stored cardholder data

Encrypt transmission of cardholder data across open, public networks

 

Maintain a Vulnerability Management Program

Protect all systems against malware and regularly update anti-virus software or programs

Develop and maintain secure systems and applications

 

Implement Strong Access Control Measures

Restrict access to cardholder data by business need to know

Identify and authenticate access to system components

Restrict physical access to cardholder data

 

Regularly Monitor and Test Networks

Track and monitor all access to network resources and cardholder data

Regularly test security systems and processes

 

Maintain an Information Security Policy

Maintain a policy that addresses information security for all personnel

 

Recommended

As a Bekchy Web Application Firewall Team, we can provide more secure environment for your web applicaton and prevent attacks and disclosures about the sensitive data. Also you can monitor your security layers and protect yourself from malwares. Click to try Bekchy one week for free! (link)

 

Is PA DSS Enough For PSI DSS ?

In general we can explain the requirements of PSI DSS in the headings of these titles. Besides, it is useful to make a small reminder. You cannot be PSI DSS compliant by using PA DSS-compliant third-party software only. If this is the first time you have heard the term PA-DSS, let us define quickly.

PA-DSS means Payment Application Data Security Standard.  PA-DSS helps software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. So PA DSS is not enough for PCI DSS compliant.