The PCI Data Security Standard (PCI DSS) is a security standard that defines the requirements for managing security: security policies and procedures, network architecture, software design and all other protection measures involved in the processing, transmission or storage of credit card information. Its purpose is to reduce fraud related to payment cards and increase the security of this data.
PCI DSS is the result of the efforts of the PCI Security Standards Council (PCI SSC), formed by the main payment card issuers (Visa, Mastercard, American Express, JCB and Discover), to compel and help businesses, service providers and banks to reduce the risk of credit card fraud by protecting the infrastructure that processes, transmits or stores data related to credit cards.
Here are the 12 PCI DSS requirements:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect the stored data of cardholders.
4. Encrypt the transmission of cardholder data through open public networks.
5. Use and update antivirus software regularly.
6. Develop and maintain secure systems and applications.
7. Limit access to cardholder data to only what the business needs to know.
8. Assign a unique identification to each person with access to a computer.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Test security systems and processes regularly.
12. Maintain a policy that addresses information security.
Quarterly Vulnerability Scans
According to the requirements set forth by PCI DSS, the Quarterly External Vulnerability Scans must be performed by an officially approved company on all the Compliance Environment Components accessible from the Internet.
UTMVAULT has this approval (granted by the PCI SSC) and proposes a solution that has passed the necessary requirements for the vulnerability scans that PCI SSC requires from the affected companies.