PCI-DSS (Payment Card Industry Data Security Standard) is a set of requirements intended to ensure that every company that processes, stores, or transmits payment card data does so safely and in a secure environment. The standard is maintained by the PCI Security Standards Council, formed in 2006 by the major card brands to manage PCI security standards and improve cardholder data security throughout the transaction process; it has been revised every two to three years since then with updated requirements. At the time of writing, the current version of PCI-DSS is v3.2.1, published by the PCI Security Standards Council for reference.
Every time customers provide sensitive information such as their name, account number, and card details, they are placing their trust in the organizations that process their transactions, and that trust rests on a strong protective standard. Companies that fail to comply with PCI-DSS can face severe penalties, including losing the right to accept payment cards entirely until they remedy the shortcomings in their cybersecurity program. A business implicated in a card data breach also suffers damage to its brand and reputation.
Source: DigitalGuardian, Netwrix
Additional Resources: An Overview of PCI Compliance
Related Terms: CMMC Standard, SSAE Compliance
PCI-DSS Breach Articles: 2007 TJX Breach Summary
If your SMB accepts payment cards, you should be aware of these standards and do what you can to secure cardholder data. CyberHoot recommends implementing these actions to improve your PCI-DSS compliance at your business: