Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » Generic » PCI DSS Overview

PCI DSS Overview

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security guidelines established in 2004 by none other than the major credit card companies like MasterCard, Visa, Discover Financial Services, JCB International, and American Express. To get to know what PCI DSS involves in one go, take a look at the six key goals for compliance with this framework:

  • Secure network and systems: This includes the use of strong firewalls and the use of specialized ones for wireless networks. Avoid using vendor-provided authentication models
  • Protect cardholder data: Safeguard cardholder information wherever it’s stored, including sensitive data like birthdates, names, and Social Security numbers 
  • Vulnerability management: Establish programs to assess and manage risks, guarding against malicious activities like spyware and malware
  • Access control: Restrict and manage access to system information and operations. Each user should have a unique and confidential ID 
  • Monitor and test networks: Regularly check and test networks to ensure security measures work effectively and stay up to date
  • Information security policy: Formulate, maintain, and follow a formal policy

So, who needs to comply with PCI DSS? 

Any business that accepts credit card payments or handles payment card data must adhere to the PCI DSS guidelines. However, it’s not a legal requirement but just an industry standard ensuring card transaction security.

Additional reading

PCI Penetration Testing

What is PCI Penetration Testing and How it Works + Downloadable Template

For every lock, there is someone out there trying to pick it and break in. – David Bernstein.  We check our home’s lock twice before leaving. Do you ensure the same thing in maintaining your customer data? Yes, we are talking about the PCI penetration testing. Organizations that store, process, and handle credit cards and…

What is Vendor Review Process – Document Review & Examples

When you use a SaaS product or platform, you’re not only using it to support your organization’s function, you are placing your confidence in that business to keep communication, reports, strategy, and other sensitive data about your business in a secure state. Many customers assume that the data is held safely, but it is the…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.