With e-commerce on the rise, there have been numerous financial transactions made online, many of which involve making credit card payments for purchases. This increase in online payments has subsequently resulted in the growth of cases involving credit card fraud. Card numbers and card holder data are sensitive information which need utmost protection so that misuse is prevented and information is secured.
Therefore as a strategic security measure, companies & vendors handling credit and debit card information now need to comply with stringent security standards drawn by major credit card companies like VISA, MasterCard, American Express etc. so that security breaches are prevented and card holder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS) and applies to all members, merchants and service providers that store, process or transmit cardholder data regardless of transaction type (point of sale, phone, e-commerce, etc.).
The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard comprise 12 general requirements designed to:
This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/
Organizations that store and handle credit card information of their customers, irrespective of their size and nature of business, are always at a high risk of cardholder data misappropriation by criminals and other sources with malicious intent. Such security breaches will result in fines levied by credit card companies, litigations and loss in trust, and eventually business. Credit card companies levy huge fines up to $500,000 if businesses fail to comply to the PCI DSS. Companies also run the risk of not being allowed to handle cardholder data if found non-compliant and having lost data. As a result, achieving PCI DSS Compliance is top priority for such companies.
PMP reports the violations in your network from the requirements of Payment Card
Industry (PCI) Data Security Standard (DSS), relevant to the use and management practices of shared administrative, software and service account passwords of various systems. PCI DSS requirements 2,3,7,8,10 & 12 are covered in this report.
You have the option to generate separate compliance reports for each PCI DSS requirement 2,3,7,8,10 & 12. You can also generate a consolidated PCI DSS report too.