PCI DSS Compliance
An actionable summary of how European Union Regulations impact the working capital, and how an organisation should plan its next steps to drive the regulation.
Chapter
06
PCI DSS Compliance
Directive #5:
PCI-DSS Compliance
PCI-DSS compliance is a matter of bread and butter for US but the calls to enforce the same has been unheard in Europe. Many organizations assume that PCI-DSS compliance is mandatory only when they process credit cards through website, not through a call or even outsourcing to third-party agencies. However, some countries such as Spain are taking the initiative to push the market to comply PCI DSS standards.
What is PCI-DSS Compliance?
- Build and Maintain a Secure Network Installation & maintenance of a firewall configuration to protect cardholder data; not using vender-specified defaults for passwords and security parameters.
- Protect Cardholder Data Protection of stored cardholder data; encrypted transmission of cardholder††data across open, public networks.
- Maintain a Vulnerability Management Program Regular update of† anti-virus software; Development and maintenance of secure systems & applications.
- Implement Strong Access†Control Measures Restricted access to cardholder data;Assignment of a unique ID to each person with computer access; restricted physical access to cardholder data.
- Regularly Monitor and Test Networks Tracking and monitoring all access to network resources and cardholder data; regular testing of† security systems and practices.
- Maintain an Information Security Policy Maintaining a policy that addresses information security.
What it means for your OTC team?
- Use Level III data processing.
- Enable 3rd party tokenization.
- Ensure secured data storage.
