Payment Card Industry Data Security Standard or PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

1. Things to Keep in Mind
Regarding PCI DSS Compliance
Introduction
Payment Card Industry Data Security Standard or PCI DSS is a set of security standards designed to
ensure that all companies that accept, process, store or transmit credit card information maintain
a secure environment. If you handle customer payment card data in any way, it is important to be
PCI DSS compliant. Here are 8 key things to keep in mind regarding PCI DSS compliance:
• Conduct regular vulnerability scans
As per PCI DSS requirements, all internet facing systems must be scanned for vulnerabilities on a
quarterly basis. These scans help identify any security weaknesses that could be exploited by
cybercriminals to access payment card data. It is important to conduct these scans regularly and
address any issues identified promptly.

2. • Implement strong access control measures
PCI DSS lays down strict guidelines around user access management and authentication. You need to
have controls like unique user IDs, complex passwords that are changed regularly, two-factor
authentication etc. Tight access controls prevent unauthorized access and misuse of systems containing
cardholder data.
• Encrypt transmission of cardholder data
All cardholder data including primary account numbers (PANs) that is transmitted over public networks
must be encrypted using strong cryptographic solutions. This applies to transmission over end-user
technologies like Wi-Fi as well. Proper encryption protects sensitive data from interception or
modification during transmission.
• Protect stored cardholder data
If your business retains stored cardholder data, you need to ensure proper encryption and protection at
all times. This includes encryption of data in transit and at rest, strong access controls on storage
systems and regular testing of encryption solutions. Stored data should be kept to a minimum by
deleting it as soon as it is no longer required.

3. • Maintain an information security policy
A documented information security policy lays down your organization's security approach and
requirements in clear terms. It forms the foundation for implementing robust security controls. The policy
should be reviewed and updated annually to address new and emerging risks. Employees should also be
trained on the policy regularly.
• Implement the principle of least privilege
As per the principle of least privilege, each user should only be provided with minimum access required to
perform their job. Restricting access based on need-to-know helps minimize the business impact of a data
breach or insider attack. It is important to review user access rights periodically and remove unnecessary
privileges.
• Conduct application security testing
Any applications and custom software that handle cardholder data need to be tested for vulnerabilities
during development and also on a periodic basis after deployment. This includes tests like source code
review, penetration testing etc. Addressing issues found helps strengthen application-layer security controls.

4. • Maintain an incident response plan
Even with strong security measures, data breaches are possible. It is important to have an
incident response plan in place to minimize damage from a security incident. The plan should
clearly define roles and responsibilities, include guidelines for containment, eradication and
recovery of systems. It should also address requirements for notifying affected parties and
regulators.
Conclusion
Adhering to PCI DSS requirements via INTERCERT is crucial for any organization dealing with
payment card data. Regular reviews, employee training and security testing help ensure
continuous compliance. Prompt remediation of any issues identified through audits and
vulnerability scans is also important to maintain a robust security posture.