What is PCI DSS, PCI SSC & its Rules, Levels

PCI DSS (Payment Card Industry Data Security Standard) is a set of rules and regulations that protect card payments against fraud and card security breaches. The PCI data security standards are requirements determined by a council (the PCI SSC) consisting of representatives of companies with global card networks, such as American Express, MasterCard, Visa, Discover, and JCB, to ensure the security of cards and cardholder data.

PCI DSS is a set of security rules established by the PCI SSC (Security Standards Council) to ensure that all companies that process, store, or transmit credit card or cardholder data maintain a secure environment.

There are four PCI DSS levels, or PCI compliance levels, for merchants:

PCI Merchant Level 1: Merchants with over 6 million transactions a year, across all channels, or any merchant that has had a data breach
PCI Merchant Level 2: Merchants with between 1 million and 6 million transactions a year, across all channels
PCI Merchant Level 3: Merchants with between 20,000 and 1 million online transactions a year
PCI Merchant Level 4: Merchants with fewer than 20,000 online transactions a year, or any merchant processing up to 1 million regular transactions a year

Cardholder Data: Which Data Should Be Stored and Which Should Not Be Stored

The 12 requirements of PCI DSS compliance:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks 
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel
