
PCI DSS

What is PCI DSS?

PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and other security issues. A retailer processing, storing, or transmitting credit card numbers must be PCI DSS compliant or risk losing the ability to process credit card payments.

PCI DSS reflects the combined interests of VISA, MasterCard, Discover, American Express and JCB. These five credit card brands agreed on a common set of security standards. Prior to this, each card brand managed its own set of requirements:

  • MasterCard - Site Data Protection (SDP) Program
  • VISA - Cardholder Information Security Program (CISP) and Account Information Security (AIS)
  • Discover - Discover Information Security and Compliance
  • American Express - Data Security Operating Policies

Merchants and Service Providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA).

Click&DECiDE's Solution

Click&DECiDE's PCI Compliance Suite helps your IT staff meet key mandates of PCI DSS Version 1.1. PCI DSS mandates that an information security policy must be established, published, maintained and disseminated. This policy includes:

  • A process to identify and assess threats, vulnerabilities and risks
  • A formal annual review and subsequent updates when the environment changes

Click&DECiDE enables organizations processing credit card transactions to meet these mandates: to collect and archive data, and to monitor, report and alert on all systems and applications that contain sensitive cardholder data. For example, Click&DECiDE manages the following security events.

Security Events:

  • Failed system-level and application-level login attempts
  • Failed access attempts to files or application data
  • IDS/IPS events
  • Exploitation of a system by a virus, worm or an unauthorized individual (hacking)

Configuration Changes:

  • Routers
  • Firewalls
  • Hosts
  • Applications
  • Other IT assets that are part of the credit card process

Asset Changes:

  • Applications being installed or removed
  • Addition or removal of user and group accounts

Service Changes:

  • Vulnerabilities
  • Understanding vulnerabilities resident on an asset