The global PCI standards define specific requirements for the different areas of card payment processing. These requirements are set and agreed among stakeholders such as banks, merchants and payment service providers. PCI compliance is required for all merchants that store, transmit or process payment card information.
There are 12 requirements to adhere to in order to achieve compliance:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software on all systems commonly affected by malware
- Develop and maintain secure systems and applications
- Restrict access to cardholder data on a business need-to-know basis
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Fraud and identity theft are on the rise. The reality of a data breach is not only detrimental to your business; it affects your customers as well. This risk is not restricted to the security breaches you see in the news involving large companies; smaller merchants are also affected.
Within TÜV SÜD, internationally accredited certification bodies offer services for various management systems. We have extensive experience in auditing and certifying a wide range of internationally recognised management systems. Our experienced team of global experts will guide you through the process, from on-site audits to certification. Our auditors will guide you in the periodic assessments to identify and minimise potential risks. By partnering with us, your company’s attention and commitment to PCI compliance will gain global recognition. Beyond certification, we will also provide you with periodic feedback on ways to improve your existing processes.