The ABCs of PCI Compliance

(Part two of a Series)

In the first part of this series, we defined the Payment Card Industry Data Security Standard (PCI DSS) and explained why retailers and restaurant operators can’t ignore it. Now it’s time for a closer look at the actual mandates of the standard, which is built on several principles that incorporate a total of 12 requirements. To be in compliance with PCI DSS, you must:

  • Build and maintain a secure network. This means installing and maintaining a firewall to protect cardholder data and avoiding the use of vendor-supplied defaults for system passwords and other security parameters.
  • Protect cardholder data. Besides protecting stored cardholder data, PCI DSS says that merchants must encrypt any cardholder data they transmit to processors across open, public networks.
  • Maintain a vulnerability management program. This kind of program involves using and regularly updating anti-virus software, as well as developing and maintaining secure systems and applications.
  • Implement strong access control measures. According to PCI DSS, these measures restrict access to cardholder data in line with whether employees need to see the information in order to do their jobs. For example, a server in a restaurant is responsible for handling customers’ checks, and he must see cardholder information to get those checks paid. However, a kitchen worker doesn’t need this data to prepare food. “Strong access control measures” also include assigning a unique ID to each person with computer access and restricting physical access to cardholder data.
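The access control principle above, written out as a small need-to-know policy. This is an added illustration, not code from pcAmerica or from any PCI DSS document: the roles, permissions and user IDs are constructed for the example, and the audit log is there to show why each person needs their own ID.

```python
from dataclasses import dataclass, field

# Constructed policy: which job roles need cardholder data to do their work.
# A restaurant server settles checks, so that role is granted access;
# a kitchen worker prepares food and is not.
ROLE_PERMISSIONS = {
    "server": {"view_cardholder_data", "process_payment"},
    "kitchen": {"view_orders"},
    "manager": {"view_cardholder_data", "process_payment", "view_orders"},
}

@dataclass
class User:
    user_id: str   # unique per person, as PCI DSS requires
    person: str    # the individual the ID is assigned to
    role: str

@dataclass
class AccessControl:
    users: dict = field(default_factory=dict)     # user_id -> User
    audit_log: list = field(default_factory=list)  # (user_id, action, decision)

    def register(self, user: User) -> None:
        # Refuse to hand the same ID to a second person: a shared ID makes
        # the audit trail useless for attributing who viewed card data.
        existing = self.users.get(user.user_id)
        if existing is not None and existing.person != user.person:
            raise ValueError(f"user ID {user.user_id!r} already assigned to {existing.person}")
        self.users[user.user_id] = user

    def authorize(self, user_id: str, action: str) -> bool:
        # Deny by default: unknown IDs and roles lacking the permission fail.
        user = self.users.get(user_id)
        allowed = user is not None and action in ROLE_PERMISSIONS.get(user.role, set())
        self.audit_log.append((user_id, action, "allow" if allowed else "deny"))
        return allowed

def demo() -> dict:
    # Constructed sample users mirroring the server / kitchen worker example.
    ac = AccessControl()
    ac.register(User("u1001", "Alice", "server"))
    ac.register(User("u1002", "Bob", "kitchen"))
    return {
        "server_sees_card": ac.authorize("u1001", "view_cardholder_data"),
        "kitchen_sees_card": ac.authorize("u1002", "view_cardholder_data"),
        "kitchen_sees_orders": ac.authorize("u1002", "view_orders"),
        "unknown_id": ac.authorize("u9999", "view_cardholder_data"),
        "audit_entries": len(ac.audit_log),
    }
```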

Need help meeting PCI requirements? pcAmerica can help you with many facets of PCI compliance, including assistance in procuring devices that adhere to all standards.