Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
PCI DSS Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security guidelines established in 2004 by none other than the major credit card companies like MasterCard, Visa, Discover Financial Services, JCB International, and American Express. To get to know what PCI DSS involves in one go, take a look at the six key goals for compliance with this framework:
- Secure network and systems: This includes the use of strong firewalls and the use of specialized ones for wireless networks. Avoid using vendor-provided authentication models
- Protect cardholder data: Safeguard cardholder information wherever it’s stored, including sensitive data like birthdates, names, and Social Security numbersÂ
- Vulnerability management: Establish programs to assess and manage risks, guarding against malicious activities like spyware and malware
- Access control: Restrict and manage access to system information and operations. Each user should have a unique and confidential IDÂ
- Monitor and test networks: Regularly check and test networks to ensure security measures work effectively and stay up to date
- Information security policy: Formulate, maintain, and follow a formal policy
So, who needs to comply with PCI DSS?
Any business that accepts credit card payments or handles payment card data must adhere to the PCI DSS guidelines. However, it’s not a legal requirement but just an industry standard ensuring card transaction security.
Additional reading
What is PCI Penetration Testing and How it Works + Downloadable Template
Compliance vs Risk Management: Key Differences & Similarities
What is Vendor Review Process – Document Review & Examples
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.