
What is the PCI DSS, and how to comply with it when accepting online payments?


Many countries require organizations accepting online payments to be regularly certified as PCI DSS compliant.

This article discusses if and how your company is subject to certification.

Approximately every 39 seconds, there is a hacker attack. Not only large corporations fall victim to cybercriminals - more than 40% of cyber attacks are aimed at small businesses. The IT industry develops certain standards to make it harder for fraudsters and hackers. Following these standards helps companies protect their infrastructure, networks, and users' personal data.

The PCI DSS standard must be followed by all organizations that store or transmit the data of at least one bank card. It describes the measures to protect such data and the requirements for the company's IT infrastructure.

The first version of the standard was adopted by Visa, MasterCard, and several other American payment systems in 2004. PCI DSS came to the Russian market in 2006 after it had been extended to the countries of Central and Eastern Europe.

The standard is not enshrined at the legislative level in any country.

Visa and MasterCard are responsible for the penalties and fines. But certain requirements of PCI DSS can be found in different legal documents. For example, in the American state of Minnesota, the Plastic Card Security Act has prohibited businesses from keeping clients' PIN codes since 2007. It concerns the protection of information during the transfer of funds.


Standard requirements


The PCI DSS standard has twelve basic security requirements, which can be grouped into six groups. Companies that implement the standard are required to:

Protect corporate networks. Set up firewalls and replace all passwords set by the network equipment manufacturer.

Protect card data. Encrypt card data and transmit it over networks using the TLS 1.1 protocol (or higher).


Close vulnerabilities promptly. Install updates for the software you use and for your corporate anti-virus.

Control access to the repository. Limit which employees have access to the physical storage location.

Establish information security policies. Test for compliance and think through your hacking algorithm.

Monitor the infrastructure. Plus, conduct regular testing of all systems responsible for information security.

 

Responsibility for breach


Payment systems impose fines for non-compliance with PCI DSS requirements. The amount depends on the type of company (merchant or service provider), the volume of transactions, and the frequency of breaches. Visa will charge a $50 000 fine for the first offense and a $200 000 fine for the third one. The penalties are imposed monthly until the violation is corrected.

Failure to comply with PCI DSS requirements can also be considered a violation of personal data protection laws. T
