Question 1

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Accepted Answer

The PCI DSS is a set of requirements explaining how to protect you and your customers when taking card payments. These are industry-spanning requirements, so all suppliers taking payments should take the PCI DSS seriously.

Question 2

Who created the PCI DSS?

Accepted Answer

Visa, MasterCard, Discover Financial Services, JCB International and American Express created the PCI DSS in 2004.

Question 3

What are the 12 PCI DSS requirements?

Accepted Answer

Secure network

A firewall must be installed and maintained
    System passwords must be original, not vendor-supplied

Secure cardholder data

Stored cardholder data must be protected
    Transmitting cardholder data across public networks must be encrypted

Vulnerability management

Antivirus software must be adopted and regularly updated
    Secure systems and applications must be developed and maintained

Access control

Cardholder data access must be restricted to a need-to-know basis
    Everyone with computer access must have a unique ID
    Physical access to cardholder data must be restricted

Network monitoring and testing

Access to cardholder data and network resources must be tracked and monitored
    Security systems and processes must be regularly tested

Information security

An information security policy must be maintained

Question 4

What are the PCI DSS compliance levels?

Accepted Answer

Your compliance level is based on the annual number of credit/debit card transactions your business processes. The level determines what you must do to maintain compliance.
Level 1: 6 million transactions per year
Level 2: 1-6 million transactions per year
Level 3: 20,000-1 million transactions per year
Level 4: <20,000 transactions per year

Question 5

What is the first step to PCI DSS compliance?

Accepted Answer

An organization that starts taking card payments has 90 days to meet the PCI DSS requirements. After this, you must maintain compliance and show it at least once a year.

Question 6

What is the PCI DSS certification process?

Accepted Answer

Understand the requirements: familiarize yourself with the 12 certification requirements
    Identify your organization&rsquo;s needs: determine the requirements relevant to you, based on the four compliance levels
    Locate and map your payment card movements: create a data map outlining your security systems, physical access to network resources and apps interacting with card data in your business. Identify all customer-facing aspects linked to card payments and the various pathways and weaknesses
    Complete a Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC): an SAQ helps you double-check self-assessment answers. A ROC is for Level 1 companies undergoing security audits, as they are valid for one year
    Examine your security controls and protocols: the aim is to establish the correct security settings and protocols
    Conduct quarterly scans: routinely check your operations and methods to remain compliant and follow best practices. An Approved Scanning Vendor (ASV) ensures your scans are reliable and meet PCI guidelines
    The risk/audit/security assessment: perform a detailed risk assessment in your payment environment, measuring the complex payment flow
    Conduct a gap analysis: review the PCI DSS requirements to identify gaps before creating a remediation plan to close them quickly
    Conduct an internal PCI DSS audit: your internal expert or a third-party auditor checks your security functionality, reviews documents and determines any noncompliance
    Continuously monitor your system: as the PCI DSS is an ongoing process you must regularly review plans and systems, consider additional reports and involve the relevant people
    Prepare for PCI DSS certification: select an external Qualified Security Assessor (QSA) and what they will evaluate. The audit evaluates your security controls against the applicable requirements in your data environment, including devices, public networks and apps handling cardholder information. They also review your overall security requirements before creating a detailed report

Question 7

How does the PCI DSS assessment work?

Accepted Answer

Every organization is different, from its size and type to its information security and cybersecurity measures. Therefore, an organization is judged individually. What you must do to comply depends on your potential security risks.

Question 8

What are the penalties for noncompliance?

Accepted Answer

If you cannot prove you are protecting customer cardholder data, the consequences could be severe for both sides, including:

Lawsuits
Financial penalties
Reputational damage
Customer disillusionment and distrust
Theft of customers&rsquo; money and identities

Loading component...

What are you looking for?

Some topics you might be interested in

Loading component...

Payment Card Industry Data Security Standard (PCI DSS) Certification

Loading component...

Loading component...

Elevate your data protection standards with PCI DSS certification from SGS

Loading component...

Unrivaled PCI DSS expertise and support

Loading component...

Loading component...

FAQ

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Who created the PCI DSS?

What are the 12 PCI DSS requirements?

What are the PCI DSS compliance levels?

What is the first step to PCI DSS compliance?

What is the PCI DSS certification process?

Loading component...

Loading component...

Loading component...

Related Services

Loading component...

More Services

Loading component...

News & Insights

Loading component...

Contact Us

Loading component...

What are you looking for?

Some topics you might be interested in

Payment Card Industry Data Security Standard (PCI DSS) Certification

Elevate your data protection standards with PCI DSS certification from SGS

Unrivaled PCI DSS expertise and support

FAQ

What is the Payment Card Industry Data Security Standard (PCI DSS)?

Who created the PCI DSS?

What are the 12 PCI DSS requirements?

What are the PCI DSS compliance levels?

What is the first step to PCI DSS compliance?

What is the PCI DSS certification process?

How does the PCI DSS assessment work?

Loading component...

What are the penalties for noncompliance?

Loading component...

Related Services

More Services

News & Insights

Contact Us

How does the PCI DSS assessment work?

What are the penalties for noncompliance?