What are the 12 requirements of PCI DSS Compliance?

By Kimberly Connella   |   June 8, 2020   |   0 Comments

PCI DSS 12 Requirements

What are the 12 requirements of PCI DSS compliance?

The PCI DSS 12 requirements are a set of security measures that businesses must implement to protect credit card data and comply with the Payment Card Industry Data Security Standard (PCI DSS).

Essentially, the PCI DSS is a security standard. The PCI Council developed, and still enforces it to this day. The objective of the PCI DSS 12 requirements is to help protect the payment card ecosystem.

Any business that handles payment cards, including debit and credit cards, is required to meet the 12 requirements of PCI DSS compliance.

The PCI DSS 12 requirements are not a law. In contrast, it is a set of standards that were created by the major card brands including Visa, MasterCard, Discover, AMEX, and JCB.

As a result, it is these credit card companies that administer fines and penalties to businesses that fail to comply with the 12 PCI DSS requirements. Specifically, the fines can range from $5,000 – $100,000 per month for PCI compliance violations or breaches.

Furthermore, banks and payment processors may increase per-transaction fees or terminate their relationship with your business altogether if you fail to meet the 12 PCI DSS requirements and are involved in a data breach.

Penalties for failing to meet the 12 requirements of PCI DSS compliance are not openly discussed; however, they can be catastrophic to a business. As a result, you should ensure your business is aware of and complying with PCI requirements.

12 Requirements of PCI DSS Compliance

The PCI DSS 12 requirements are as follows

1. Install and maintain a firewall configuration to protect cardholder data
2. Configure passwords and settings and do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications; regularly update and patch systems
7. Restrict access to cardholder data by business “need-to-know”
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data; implement logging and log management
11. Conduct vulnerability scans and penetration tests; regularly test security systems and processes
12. Maintain a policy that addresses information security; provide documentation and complete risk assessments

In most cases, businesses must complete a PCI DSS SAQ to provide proof of compliance with the 12 requirements listed above. The SAQ businesses must take varies and depends on how you handle cards. Most requirements will stay the same, however, there are some differences in the work you must do based on your SAQ type.

How to Comply with PCI DSS Requirements

If your business is responsible for meeting PCI DSS requirements, then the first step of getting on track for meeting compliance is a risk assessment.

aNetworks provides a free PCI DSS risk assessment tool that covers all 12 PCI DSS requirements.

PCI Risk Assessment

At aNetworks, our PCI DSS compliance experts analyze your IT environment and determine where your security needs work. Furthermore, we identify your vulnerabilities as well as document any security gaps based on the PCI DSS security framework. As a result, your business can provide proof of PCI DSS compliance.

If you are looking for assistance with PCI compliance, then please contact us below.

Contact us

Otherwise, you can call us directly at 855-459-6600.

Furthermore, if you are looking for more information, then check out our resource center.

Finally, you can always find us on Twitter, LinkedIn, and Facebook.

---

---