PCI Compliance
The Payment Card Industry (PCI) Data Security Standard grew out of a collaboration between Visa® and MasterCard® to create a common set of industry security requirements that protect consumers from fraud. Other card companies operating in the U.S. have also endorsed the standard within their respective programs.

These 12 requirements, grouped under six goals, are the foundation of the PCI Data Security Standard:
| Goal | Requirement |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data and sensitive information across open public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |
In addition to meeting the twelve requirements above, companies must also validate their compliance. Validation identifies vulnerabilities and confirms that appropriate levels of cardholder information security are being maintained. Visa has prioritized and defined levels of compliance validation based on transaction volume and on the potential risk and exposure that merchants and service providers introduce into the Visa system. The thresholds below are Visa's; the other card brands publish their own level definitions and validation requirements, and these change over time, so a merchant should confirm its assigned level and the required validation method with its acquirer.
Level 1
- Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year
- Any merchant that has suffered a breach that resulted in an account data compromise
- Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system
- Any merchant identified by any other payment card brand as Level 1

Level 2
- Any merchant processing 1,000,000 to 6,000,000 Visa transactions per year

Level 3
- Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year

Level 4
- Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants processing up to 1,000,000 Visa transactions per year
CITTIO can help retailers comply with and demonstrate PCI compliance at any level (1 through 4) with CITTIO WatchTower and its deep integration with the Security Information Management (SIM) offerings sold and supported by CITTIO. With CITTIO you get infrastructure performance and availability monitoring for all your retail locations, vulnerability and intrusion detection and reporting, log file monitoring and reporting, and single-pane-of-glass visibility into all of it.