To introduce PCI DSS, I will start with a quote from its own documentation, for the sake of accuracy and clarity.
“The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).”
The Payment Card Industry Data Security Standard was developed as a standard for e-commerce systems, with new versions driven by the growth of internet shopping and the security gaps that credit card use has brought with that growth. The standard has a set of compliance requirements, which we can categorize as follows.
What Are the Requirements?
Build and Maintain a Secure Network and Systems
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Protect all systems against malware and regularly update anti-virus software or programs
Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Restrict access to cardholder data by business need to know
Identify and authenticate access to system components
Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain an Information Security Policy
Maintain a policy that addresses information security for all personnel
As the Bekchy Web Application Firewall team, we can provide a more secure environment for your web application and prevent attacks and disclosures of sensitive data. You can also monitor your security layers and protect yourself from malware. Click to try Bekchy free for one week! (link)
Is PA-DSS Enough for PCI DSS?
In general, the requirements of PCI DSS can be summarized under the headings above. One small reminder is also worth making: you cannot become PCI DSS compliant simply by using PA-DSS-compliant third-party software. If this is the first time you have heard the term PA-DSS, here is a quick definition.
PA-DSS stands for Payment Application Data Security Standard. It helps software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and that support their customers' compliance with PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements. PA-DSS compliance of the application alone, therefore, is not enough to make an entity PCI DSS compliant.
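As an added illustration of the storage rule above (this is example code, not from Bekchy or from the PCI SSC), here is a small Python gate that a payment application could place in front of its persistence layer: it refuses records carrying sensitive authentication data fields or track-data patterns, and truncates the PAN to the first six and last four digits before storage. The field names, the track-data pattern and the sample records are constructed for the example; an application that genuinely needs the full PAN must encrypt it instead, which this example does not cover.

```python
import re

# Sensitive authentication data (SAD) field names that must never be persisted
# after authorization: track data, CVV2/CVC2 and PIN data. Names are assumed.
SAD_FIELDS = {"track1", "track2", "cvv2", "cvc2", "pin", "pin_block"}

# Rough track-1/track-2 shape used here for illustration only:
# "%B<PAN>^" (track 1) or ";<PAN>=" (track 2).
TRACK_DATA_RE = re.compile(r"(%B\d{13,19}\^|;\d{13,19}=)")


class ProhibitedDataError(ValueError):
    """Raised when a record contains data that must not be stored."""


def mask_pan(pan: str) -> str:
    """Truncate a PAN to first six and last four digits, the PCI DSS masking limit."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN length out of range")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(record: dict) -> dict:
    """Return a copy of `record` that is safe to persist, or raise."""
    present = SAD_FIELDS & set(record)
    if present:
        # Reject rather than silently drop, so the caller notices the defect.
        raise ProhibitedDataError(f"refusing to store SAD fields {sorted(present)}")
    for field, value in record.items():
        if isinstance(value, str) and TRACK_DATA_RE.search(value):
            raise ProhibitedDataError(f"track data found in field {field!r}")
    safe = dict(record)
    if "pan" in safe:
        safe["pan"] = mask_pan(safe["pan"])
    return safe


def is_storable(record: dict) -> bool:
    """Predicate form of sanitize_for_storage for callers that only need a yes/no."""
    try:
        sanitize_for_storage(record)
        return True
    except ProhibitedDataError:
        return False


if __name__ == "__main__":
    # Constructed sample record with a test PAN; expiry is fine to keep.
    print(sanitize_for_storage({"pan": "4111 1111 1111 1111", "expiry": "12/27"}))
    print(is_storable({"pan": "4111111111111111", "cvv2": "123"}))
```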