
Principles of PCI Compliance

Posted on March 21, 2013 in White Papers

Credit and debit card information is among the most sensitive data that organizations must handle.  When it falls into the wrong hands, misuse of payment card account numbers can create identity theft nightmares for individual consumers and financial losses for the banks and merchants that accept fraudulently presented card data.  Unless properly managed, these risks threaten to undermine the integrity of the payment card processing networks that we all depend upon to facilitate business transactions.

In an effort to mitigate these risks, the card processing industry developed the Payment Card Industry Data Security Standard (PCI DSS), often referred to simply as “PCI”.  PCI consists of a detailed set of information security requirements that describe the ways that merchants and service providers may store, process and transmit sensitive cardholder information.  It includes requirements to build and maintain secure networks, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, monitor and test networks and maintain an information security policy.

Merchants and service providers seeking to comply with PCI DSS for the first time face a daunting challenge.  The full PCI standard document contains 75 pages of detailed requirements, and there are multiple supplementary documents that provide guidance and requirements for specific technologies and situations.  Once a merchant achieves compliance, it must implement a robust monitoring and testing program to ensure that it remains compliant over time.  For this reason, PCI compliance is not a one-time project; it requires a permanent change in business practices.

Fortunately, there are many technology solutions designed specifically to help organizations comply with the PCI standard.  These include firewalls, web application security products, log correlation systems, antivirus packages and more.  In this white paper, we examine the PCI security standard in detail and discuss ways that organizations can build PCI-compliant solutions.

Read the full white paper: Principles of PCI Compliance


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple