PCI DSS High Level Requirements

Feb. 1, 2021 | Last Updated: July 27, 2022

PCI DSS High Level Requirements

The goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect cardholder's data. PCI DSS requirements apply to organizations where Cardholder's data and/or Sensitive Authentication data is stored, processed or transmitted.

Cardholder Data includes:

  • Primary Account Number (PAN)
  • Cardholder Name
  • Expiration Date
  • Service Code

Sensitive Authentication Data includes:

  • PINs
  • Magnetic-stripe data or Chip data on Credit/Debit Card

For the organizations that have outsourced their payment processing operations or management of their Cardholder Data Environment (CDE), they are responsible for ensuring that the account data is protected by third party.

Below are some high-level PCI DSS requirements:

  1. Organization needs build and maintain a secure network systems. This includes installing and maintaining a firewall configuration to protect cardholder data.
  2. Vendor-supplied default credentials should not be used for system password and other security parameters.
  3. Protect stored Cardholder Data.
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect Systems against malware and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

PCI DSS comprises a minimum set of requirements for protecting account data, and may be enhanced by additional controls and practices to further mitigate risks, as well as local, regional and sector laws and regulations. PCI DSS does not supersede local or regional laws, government regulations, or other legal requirements.

Share This Post

Join our newsletter!

Click to subscribe

Stay informed with product updates and security tips delivered to your inbox; no spam.