PCI-DSS Compliance

PCI DSS Service Provider

The Payment Card Industry Data Security Standard (also known as PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD) including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

PCI Compliant

Organisations processing credit card payments need to be compliant with PCI-DSS security regulations – but, with 130 separate controls to be implemented, this is a very difficult and expensive process.

By using a service that is already PCI-DSS compliant, firms can save on resources and cost. Maintel supplies, manages, monitors and updates the underlying technology to ensure that its cloud services continually meet PCI-DSS 3.1 requirements, removing considerable responsibility and risk from its customers.

The 12 High-Level Requirements on the PCI Compliance Checklist

At a summary level, the PCI compliance checklist for merchants and other businesses that handle payment card data consists of 12 requirements mandated by the PCI DSS:

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

Find out more about the PCI DSS requirements in our matrix
