PCI DSS (Payment Card Industry Data Security Standard) - a set of standards created by card issuers such as Visa and MasterCard to ensure the security of credit card details online.
As an online credit card processor, SecurePay is subject to standards imposed on the industry by major card issuers such as Visa and MasterCard.
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of guidelines developed to help organisations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or they risk losing the ability to process credit card payments.
The PCI DSS, a set of comprehensive requirements for enhancing payment data security, was developed by the founding payment brands of the Payment Card Industry Security Standards Council, including MasterCard and Visa, to encourage the broad adoption of consistent data security measures around the world.
The PCI DSS is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to assist organisations proactively protect their customer’s information.
The core of the PCI DSS is a set of principles and accompanying requirements, around which the specific elements of the DSS are organised:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Service Providers such as SecurePay must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company each year. SecurePay’s PCI DSS Audit is conducted by a third party certified QSA and QPASC under the Payment Card Industry Data Security Standard Program.