PCI Compliance
Payment Card Industry Data Security Standard
We can help you Obtain and Maintain PCI Compliance
PCI compliance is critical if you plan on processing card payments for your business. At Crell Cloud we have helped a number of companies obtain PCI compliance and maintain it through regular security audits.
What is PCI Compliance?
PCI compliance is a set of standards and guidelines for businesses to manage and secure credit card-related personal data. All of the major credit card companies, such as Visa, Mastercard, and American Express, established the Payment Card Industry Data Security Standards (PCI DSS) guidelines in 2006 in an effort to protect credit card data from theft.
Goals of PCI Compliance
PCI DSS is the roadmap to follow to become PCI compliant.
Build and maintain a secure network and systems
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program
- Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
- Requirement 6: Develop and maintain secure systems and applications
Implement strong access control measures
- Requirement 7: Restrict access to cardholder data by business need to know
- Requirement 8: Identify and authenticate access to system components
- Requirement 9: Restrict physical access to cardholder data
Regularly monitor and test networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an information security policy
- Requirement 12: Maintain a policy that addresses information security for all personnel