dcsimg

How to achieve and maintain PCI DSS compliance

All organisations that accept card payments must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is not a simple task, and if you make mistakes when implementing the Standard, you’ll struggle to achieve compliance and expose yourself to data breaches and regulatory fines. We understand that PCI DSS compliance is difficult, so we’ve laid out some recommendations based … [Read more...]

Understanding PCI compliance auditing

Businesses of all sizes must undergo Payment Card Industry Data Security Standard (PCI DSS) compliance audits to ensure that their customers’ data is protected during credit or debit card transactions and while stored. Under the Standard, Level 1 businesses – those that process more than six million credit card transactions a year – are subject to an annual on-site audit and quarterly network … [Read more...]

Policies and procedures, you need for PCI DSS compliance

Technology can only do so much to protect an organisation from data breaches. That’s why Requirement 12 of the Payment Card Industry Data Security Standard (PCI DSS) states that organisations should actively manage their data protection responsibilities by establishing, updating and communicating security policies and procedures in response to regular risk assessments. As with technology, security … [Read more...]

Having trouble complying with the PCI DSS? Here are some tips

Keeping cardholder data secure can be incredibly difficult, but have you tried… not storing so much information? You’d be surprised at how effective that apparently flippant advice is. Organisations often store more information than they need, making security trickier than it should be. Take primary account numbers (PANS). This information is needed far less other than cardholders’ names and card … [Read more...]

PCI DSS dissected: Reducing your cardholder data environment

The requirements of the Payment Card Industry Data Security Standard (PCI DSS) should be considered the starting point of security. The Standard doesn’t cover everything that organisations can do to protect payment card data, but it does cover everything that they should do, such as put in place the appropriate procedures, policies and work practices. Still, many organisations don’t see the PCI … [Read more...]