The Payment Card Industry Data Security Standard, abbreviated as PCI DSS, is a security standard that protects cardholder information from a range of threats. These include theft of card information, whether from within the organization handling it or through external brute-force attacks. Compliance with PCI DSS is mandatory for all organizations dealing with credit, debit and ATM cards, as defined by the PCI Security Standards Council, which includes industry giants like Visa, Mastercard and American Express.
To establish compliance, PCI DSS lists 12 major requirements and 2 special requirement annexures that, when enforced in the organization, considerably strengthen the security of the cardholder information it handles. To be PCI compliant, an organization needs to adhere to all the conditions outlined by the requirements, in terms of network and resource security.
With growing security threats, compliance with PCI DSS is of utmost importance to merchants dealing with payment cards, and the repercussions of non-compliance can be disastrous to the reputation and the finances of the organization.
Being compliant with PCI DSS, already a daunting task, is only the first part; you are also required to prove your organization's compliance with PCI DSS. This PCI audit is performed either with a set of questionnaires or by a Qualified Security Assessor external to the organization.
EventLog Analyzer's compliance reports mainly cater to PCI DSS Requirement 10, which covers tracking and monitoring all access to cardholder data. In addition to Requirement 10, EventLog Analyzer also helps establish compliance with a few other PCI DSS requirements.