PCI DSS Compliance
Any business or company that stores, processes, or transmits payment cardholder data is required to adhere with the Payment Card Industry Data Security Standard (PCI DSS).
The Payment Card Industry Data Security Standard is an industry-led global standard that specifies an array of technologies and practices that are required to protect valuable cardholder data.
With rules governing everything from data encryption to network segmentation, meeting PCI DSS requirements can be difficult to achieve, let alone maintain. It is a continuous effort that can be both time-consuming and laborious.
Failure to follow PCI DSS requirements may leave you (and the companies do business with) exposed to potential litigation and fines.
The goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect cardholder data wherever it is processed, stored, or transmitted. The security controls and processes required by PCI DSS are vital for protecting cardholder account data, including the PAN – the primary account number printed on the front of a payment card. Merchants and other service providers involved with card payment processing must never store sensitive authentication data after authorization. This sensitive data includes:
- information printed on a card
- information stored on a card’s magnetic stripe or chip
- the personal identification numbers entered by the cardholder
It is important to protect cardholders from fallout of a data breach. Organizations also have self-interest at heart because penalties for non-compliance can be significant. An organization could end up prohibited from processing payment card transactions. If they aren’t prohibited, they may end up with higher processing fees to run any transaction at all.
The penalties can be limitless.
discovery and containment
investigation of the incident
attorney and legal fees
loss of customer confidence
lost sales and revenue
brand degradation, etc.
PCI DSS adherence and applying it to your payment card transaction environment applies globally to all entities that store, process, or transmit cardholder data.
PCI DSS and its related security standards are administered by the PCI Security Standards Council. This council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating Organizations include merchants, payment card issuing banks, processors, developers and other vendors.
For companies to adhere to the regulations that have been set by the PCI Security Standards Council, there are three steps that can be taken:
- Assess – Companies should identify cardholder data, taking an inventory of IT assets and business processes for payment card processing. Analyze them for vulnerabilities that could expose sensitive data.
- Remediate – If vulnerabilities are found they should be fixed. It is important for companies to not be storing cardholder data unless it is needed at that time.
- Report – Submit required remediation validation records and compliance reports to the acquiring bank and card brands that the company does business with.
Loyal IT’s PCI DSS solutions will help your company fulfill the requirements that are necessary to be in compliance with the standard.
The PCI DSS requirements apply to all payment card network members, merchants, and service providers that store, process, or transmit cardholder data. The main requirements are as follows:
Build & Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor & Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
What Our Clients Are Saying
Loyal IT and the entire team there have been partners in our success. From the time they began working with us we saw immediate improvement in functionality, reliability, and overall stability of our operating platform. In an independent cyber-security audit, Loyal IT helped our company achieve a better score than most companies significantly larger than ours. We appreciate that we have accomplished all of this within a reasonable budget and on a time line that worked for us. The best compliment I can give Loyal IT is that I do not often have to think about our operating platform but am able to focus on running our own business.
Chief Financial Officer
Publicly-traded Real Estate Investment Trust, Client Since 2014
I think Loyal IT is a wonderful and reliable service provider. They have a very courteous and knowledgeable staff. Our organization contemplated hiring a full-time engineer to manage our servers and computers. I am glad we picked Loyal IT to handle the job. Proud customer since 2006.
Vice President of Finance & Administration
Association with 6 branch locations, 600 Employees, Loyal IT Client for 10 Years
Our church has been a customer since 2001. Loyal IT was able to assess our needs as we grew as a parish and provide the service we have come to expect. Not only do you receive service during the sale but long after the equipment has been installed. We are very pleased with all the decisions Loyal IT helped us make.
Non-Profit Serving Over 5500 Families, Loyal IT Client for 15 Years
Loyal IT has been taking care of the computers in our offices for several years. They understand the true meaning of service. When I need them to take care of something, they do it fast and they do it right. Thank you Loyal IT!