CheapSSLsecurity, profile picture
Uploaded byCheapSSLsecurity
PPTX, PDF487 views

Is your business PCI DSS compliant? You’re digging your own grave if not

The document discusses the importance of PCI DSS compliance for online businesses, highlighting that compliant organizations are significantly less likely to experience data breaches. The 2017 Verizon Payment Security Report reveals that while compliance rates have improved, over 40% of organizations still fail to meet PCI DSS standards and many lose compliance shortly after assessment. Key requirements include maintaining firewalls, avoiding default credentials, and conducting regular security testing, with significant non-compliance observed in areas like tracking and monitoring access.

Technology
Related topics:
Business Security

Embed presentation

Download to read offline
Is your business PCI DSS compliant? You’re digging your own grave if not…
Why to be PCI Compliance? The latest report by Verizon shows that online businesses are less likely to be breached if they’re PCI compliant.
What is PCI DSS Compliance?
“ The Payment Card Industry Data Security Standard (PCI DSS), is a set of security guidelines applicable to all organizations that accept, store, and process credit card information.
How PCI DSS Compliance Works?
Image: PCI Scanning Function
PCI DSS Compliance ○ The PCI DSS is comprised of 12 key requirements that any website dealing with payment cards must adhere to. ○ The Verizon 2017 Payment Security Report clearly outlines the relation between PCI DSS compliance and data breaches ○ Interestingly, almost all the victimized companies that Verizon analyzed between 2010 and 2016 were found have violated the PCI DSS at the time of their breach. ○ Even more interestingly, the report indicates that 55.4% remain fully PCI compliant one year after their preliminary assessment. ○ These two are the key findings of the 60-page long Verizon 2017 Payment Security Report – the ‘highlights’ if you may.
• However, there’s no need to get overly pessimistic by these numbers. There is some good news, too. So, which one would you like to hear first — good news or bad news? Okay, let’s go through some good news first.
The Good News 
The report states that 55.4% of companies in 2016 remained fully PCI compliant one year after their preliminary assessment. This number may sound a little on the downside, but it’s not. 55.4% is a massive improvement over the 48.4% recorded in 2015. Compliance on the rise
One of the 12 PCI DSS requirements is NOT TO use default vendor-supplied credentials. Going by Verizon’s report, 81.3% of organizations heed this requirement – an encouraging sign indeed. Default credentials are a thing of the past
If there is any sector that needs to comply with the PCI DSS more than others, it’s the finance sector Almost 60% of financial services organizations fall within the boundaries of PCI DSS. Finance sector leading by example
Another key finding of the report was the rise in customer awareness. The report states “66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen. Now let’s get to the bad news. The part you should have a close look at. Customers getting savvier
The Bad News 
The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
• Speaking of which Rodolphe Simonetti, Verizon’s global managing director for security consulting said “There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks, [While] it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”
The report demonstrates a clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
An important part of the 12 requirements is the ‘Security Testing.’ This requires the organizations to test their security systems and processes under some specific guidelines. Unfortunately, only 71.9% of organizations are compliant with this requirement. Security Testing: Needs Improvement
To protect your online business against potential data breaches, you need to constantly track and monitor access – that’s actually rule 10 of the PCI DSS. 91.9% of the companies assessed after a data breach were found to be disregarding this requirement. Now that you know the significance that PCI DSS requirements hold, we hope that you will comply with (or at least think about) the requirements. Tracking and Monitoring: A bluntly ignored requirement
12 requirements for Tracking and Monitoring
1. Install and maintain a firewall and router configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know Access Restricted
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all personnel
And if you’re feeling particularly motivated and want to dig in deep, you can learn more about these requirements on Payment Security Council’s official website.
34 THANKS!  If you have any questions about this document please don’t hesitate to contact us at:  https://cheapsslsecurity.com/blog/  https://twitter.com/sslsecurity  https://www.facebook.com/CheapSSLSecurities  https://plus.google.com/+Cheapsslsecurity

More Related Content

PPTX
Payment card industry data security standard
bysallychiu
 
PDF
Pci dss scoping and segmentation with links converted-converted
byVISTA InfoSec
 
DOCX
A Case Study on Payment Card Industry Data Security Standards
byVictor Oluwajuwon Badejo
 
PPT
PCI DSS Certification
byhodonoghue
 
PDF
Where in the world is your PII and other sensitive data? by @druva inc
byDruva
 
PDF
Whitepaper - Application Delivery in PCI DSS Compliant Environments
byJason Dover
 
PDF
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
byFit Small Business
 
PPTX
The Easy WAy to Accept & Protect Credit Card Data
byTyler Hannan
 
Payment card industry data security standard
bysallychiu
 
Pci dss scoping and segmentation with links converted-converted
byVISTA InfoSec
 
A Case Study on Payment Card Industry Data Security Standards
byVictor Oluwajuwon Badejo
 
PCI DSS Certification
byhodonoghue
 
Where in the world is your PII and other sensitive data? by @druva inc
byDruva
 
Whitepaper - Application Delivery in PCI DSS Compliant Environments
byJason Dover
 
PCI Compliance - How To Keep Your Business Safe From Credit Card Criminals
byFit Small Business
 
The Easy WAy to Accept & Protect Credit Card Data
byTyler Hannan
 

What's hot

PDF
How to Prepare for a PCI DSS Audit
bySecurityMetrics
 
PDF
Master Data in the Cloud: 5 Security Fundamentals
bySarah Fane
 
PPTX
Defensible cybersecurity-jan-25th-
byIT Strategy Group
 
PPTX
Understanding the New PCI DSS Scoping Supplement
bySecurityMetrics
 
DOCX
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
byhimalya sharma
 
PDF
Pci dss v3-2-1
byleon bonilla
 
DOCX
Online_Transactions_PCI
byKelly Lam
 
PDF
PCI_Presentation_OASIS
byDermot Clarke
 
PPTX
What Everybody Ought to Know About PCI DSS and PA-DSS
byLondon School of Cyber Security
 
PDF
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
byAtoZ Compliance
 
PDF
PCI DSS Success: Achieve Compliance and Increase Web Application Security
byCitrix
 
PDF
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
PDF
Data Privacy Readiness Test
byDruva
 
PDF
We Need to Prioritize Cybersecurity in 2020
byMatthew Doyle
 
PPT
Tizor_Data-Best-Practices.ppt
bywebhostingguy
 
PDF
IT Trends - Cyber Security
byDatix Consulting
 
PPT
New fraud protection solutions
byLaurent Pacalin
 
PDF
C7 defending the cloud with monitoring and auditing
byDr. Wilfred Lin (Ph.D.)
 
How to Prepare for a PCI DSS Audit
bySecurityMetrics
 
Master Data in the Cloud: 5 Security Fundamentals
bySarah Fane
 
Defensible cybersecurity-jan-25th-
byIT Strategy Group
 
Understanding the New PCI DSS Scoping Supplement
bySecurityMetrics
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
byhimalya sharma
 
Pci dss v3-2-1
byleon bonilla
 
Online_Transactions_PCI
byKelly Lam
 
PCI_Presentation_OASIS
byDermot Clarke
 
What Everybody Ought to Know About PCI DSS and PA-DSS
byLondon School of Cyber Security
 
Introduction to the Payment Card Industry Data Security Standard (PCI DSS) - ...
byAtoZ Compliance
 
PCI DSS Success: Achieve Compliance and Increase Web Application Security
byCitrix
 
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
Data Privacy Readiness Test
byDruva
 
We Need to Prioritize Cybersecurity in 2020
byMatthew Doyle
 
Tizor_Data-Best-Practices.ppt
bywebhostingguy
 
IT Trends - Cyber Security
byDatix Consulting
 
New fraud protection solutions
byLaurent Pacalin
 
C7 defending the cloud with monitoring and auditing
byDr. Wilfred Lin (Ph.D.)
 

Similar to Is your business PCI DSS compliant? You’re digging your own grave if not

PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PPTX
PCI DSS Compliance introduction explanation
byRicha Goel
 
PDF
Understanding Your PCI DSS Guidelines: Successes and Failures
by- Mark - Fullbright
 
PDF
Credit Card Processing for Small Business
byMark Ginnebaugh
 
PDF
Achieving PCI DSS Compliance | cybersigm
byCyberSigma
 
PPTX
PCI Compliance - Delving Deeper In The Standard
byJohn Bedrick
 
PDF
PCI DSS: What it is, and why you should care
bySean D. Goodwin
 
DOCX
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
byBORNSEC CONSULTING
 
PDF
MTBiz May-June 2019
byMutual Trust Bank Ltd.
 
PDF
Reduce PCI Scope - Maximise Conversion - Whitepaper
byShaun O'keeffe
 
PDF
Verizon rp pci report-2015-en_xg
byCMR WORLD TECH
 
PDF
PCI COMPLIANCE REPORT
byat MicroFocus Italy ❖✔
 
PDF
Verizon 2014 pci compliance report
byBee_Ware
 
PDF
Verizon 2014 PCI Compliance Report
by- Mark - Fullbright
 
PDF
PCI Certification and remediation services
byTariq Juneja
 
PDF
Adventures in PCI Wonderland
byMichele Chubirka
 
PDF
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
byTraceSecurity
 
PPTX
Making Compliance Business as Usual
byControlCase
 
PPTX
PCI DSS & PA DSS Version 3.0 Changes Webinar
byControlCase
 
PDF
PCI DSS and PA DSS Version 3.0 Changes
byControlCase
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PCI DSS Compliance introduction explanation
byRicha Goel
 
Understanding Your PCI DSS Guidelines: Successes and Failures
by- Mark - Fullbright
 
Credit Card Processing for Small Business
byMark Ginnebaugh
 
Achieving PCI DSS Compliance | cybersigm
byCyberSigma
 
PCI Compliance - Delving Deeper In The Standard
byJohn Bedrick
 
PCI DSS: What it is, and why you should care
bySean D. Goodwin
 
PCI DSS 6 Key Objectives You Must Know for Compliance.docx
byBORNSEC CONSULTING
 
MTBiz May-June 2019
byMutual Trust Bank Ltd.
 
Reduce PCI Scope - Maximise Conversion - Whitepaper
byShaun O'keeffe
 
Verizon rp pci report-2015-en_xg
byCMR WORLD TECH
 
PCI COMPLIANCE REPORT
byat MicroFocus Italy ❖✔
 
Verizon 2014 pci compliance report
byBee_Ware
 
Verizon 2014 PCI Compliance Report
by- Mark - Fullbright
 
PCI Certification and remediation services
byTariq Juneja
 
Adventures in PCI Wonderland
byMichele Chubirka
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
byTraceSecurity
 
Making Compliance Business as Usual
byControlCase
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
byControlCase
 
PCI DSS and PA DSS Version 3.0 Changes
byControlCase
 

More from CheapSSLsecurity

PDF
Norton Cyber Security Insights Report 2017
byCheapSSLsecurity
 
PPTX
Phishing Scams: 8 Helpful Tips to Keep You Safe
byCheapSSLsecurity
 
PDF
Symantec (ISTR) Internet Security Threat Report Volume 22
byCheapSSLsecurity
 
PPTX
Hashing vs Encryption vs Encoding
byCheapSSLsecurity
 
PPTX
What is Asymmetric Encryption? Understand with Simple Examples
byCheapSSLsecurity
 
PDF
Understanding SSL Certificate for Apps by Symantec
byCheapSSLsecurity
 
PPTX
What is Certificate Transparency (CT)? How does it work?
byCheapSSLsecurity
 
PPTX
How Hashing Algorithms Work
byCheapSSLsecurity
 
PPTX
Microsoft Exchange Server & SSL Certificates: Everything you need to know
byCheapSSLsecurity
 
PPTX
Various Types of OpenSSL Commands and Keytool
byCheapSSLsecurity
 
PDF
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
byCheapSSLsecurity
 
PPTX
Quantum Computing vs Encryption: A Battle to Watch Out for
byCheapSSLsecurity
 
PPTX
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
byCheapSSLsecurity
 
PPTX
The Top Five Cybersecurity Threats for 2018
byCheapSSLsecurity
 
PPTX
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
byCheapSSLsecurity
 
PPTX
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
byCheapSSLsecurity
 
PPTX
Multi Domain Wildcard Features explained by CheapSSLsecurity
byCheapSSLsecurity
 
PPTX
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
byCheapSSLsecurity
 
PPTX
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
byCheapSSLsecurity
 
PPTX
Apache Server: Common SSL Errors and Troubleshooting Guide
byCheapSSLsecurity
 
Norton Cyber Security Insights Report 2017
byCheapSSLsecurity
 
Phishing Scams: 8 Helpful Tips to Keep You Safe
byCheapSSLsecurity
 
Symantec (ISTR) Internet Security Threat Report Volume 22
byCheapSSLsecurity
 
Hashing vs Encryption vs Encoding
byCheapSSLsecurity
 
What is Asymmetric Encryption? Understand with Simple Examples
byCheapSSLsecurity
 
Understanding SSL Certificate for Apps by Symantec
byCheapSSLsecurity
 
What is Certificate Transparency (CT)? How does it work?
byCheapSSLsecurity
 
How Hashing Algorithms Work
byCheapSSLsecurity
 
Microsoft Exchange Server & SSL Certificates: Everything you need to know
byCheapSSLsecurity
 
Various Types of OpenSSL Commands and Keytool
byCheapSSLsecurity
 
Comodo Multi Domain SSL Certificate: Key Features by CheapSSLsecurity
byCheapSSLsecurity
 
Quantum Computing vs Encryption: A Battle to Watch Out for
byCheapSSLsecurity
 
TLS 1.3: Everything You Need to Know - CheapSSLsecurity
byCheapSSLsecurity
 
The Top Five Cybersecurity Threats for 2018
byCheapSSLsecurity
 
Shift to HTTPS and Save Your Website from the Wrath of Blacklisting
byCheapSSLsecurity
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
byCheapSSLsecurity
 
Multi Domain Wildcard Features explained by CheapSSLsecurity
byCheapSSLsecurity
 
Thawte Wildcard SSL Certificates – Enable Sub-Domains Security
byCheapSSLsecurity
 
How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
byCheapSSLsecurity
 
Apache Server: Common SSL Errors and Troubleshooting Guide
byCheapSSLsecurity
 

Recently uploaded

PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PPTX
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
Transforming Supply Chains with Amazon Bedrock AgentCore (AWS Swiss User Grou...
byChris Bingham
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
"Feelings versus facts: why metrics are more important than intuition", Igor ...
byFwdays
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 

Is your business PCI DSS compliant? You’re digging your own grave if not

  • 1.
    Is your businessPCI DSS compliant? You’re digging your own grave if not…
  • 2.
    Why to bePCI Compliance? The latest report by Verizon shows that online businesses are less likely to be breached if they’re PCI compliant.
  • 3.
    What is PCIDSS Compliance?
  • 4.
    “ The Payment CardIndustry Data Security Standard (PCI DSS), is a set of security guidelines applicable to all organizations that accept, store, and process credit card information.
  • 5.
  • 6.
  • 7.
    PCI DSS Compliance ○The PCI DSS is comprised of 12 key requirements that any website dealing with payment cards must adhere to. ○ The Verizon 2017 Payment Security Report clearly outlines the relation between PCI DSS compliance and data breaches ○ Interestingly, almost all the victimized companies that Verizon analyzed between 2010 and 2016 were found have violated the PCI DSS at the time of their breach. ○ Even more interestingly, the report indicates that 55.4% remain fully PCI compliant one year after their preliminary assessment. ○ These two are the key findings of the 60-page long Verizon 2017 Payment Security Report – the ‘highlights’ if you may.
  • 8.
    • However, there’sno need to get overly pessimistic by these numbers. There is some good news, too. So, which one would you like to hear first — good news or bad news? Okay, let’s go through some good news first.
  • 9.
  • 10.
    The report statesthat 55.4% of companies in 2016 remained fully PCI compliant one year after their preliminary assessment. This number may sound a little on the downside, but it’s not. 55.4% is a massive improvement over the 48.4% recorded in 2015. Compliance on the rise
  • 11.
    One of the12 PCI DSS requirements is NOT TO use default vendor-supplied credentials. Going by Verizon’s report, 81.3% of organizations heed this requirement – an encouraging sign indeed. Default credentials are a thing of the past
  • 12.
    If there isany sector that needs to comply with the PCI DSS more than others, it’s the finance sector Almost 60% of financial services organizations fall within the boundaries of PCI DSS. Finance sector leading by example
  • 13.
    Another key findingof the report was the rise in customer awareness. The report states “66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen. Now let’s get to the bad news. The part you should have a close look at. Customers getting savvier
  • 14.
  • 15.
    The report demonstratesa clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
  • 16.
    • Speaking ofwhich Rodolphe Simonetti, Verizon’s global managing director for security consulting said “There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks, [While] it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed – large and small – are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”
  • 17.
    The report demonstratesa clear link between PCI DSS compliance and data breaches. The organizations that are fully PCI compliant have very low chances of being the victim of a data breach. The love-hate relationship between data breaches and PCI compliance
  • 18.
    An important partof the 12 requirements is the ‘Security Testing.’ This requires the organizations to test their security systems and processes under some specific guidelines. Unfortunately, only 71.9% of organizations are compliant with this requirement. Security Testing: Needs Improvement
  • 19.
    To protect youronline business against potential data breaches, you need to constantly track and monitor access – that’s actually rule 10 of the PCI DSS. 91.9% of the companies assessed after a data breach were found to be disregarding this requirement. Now that you know the significance that PCI DSS requirements hold, we hope that you will comply with (or at least think about) the requirements. Tracking and Monitoring: A bluntly ignored requirement
  • 20.
  • 21.
    1. Install andmaintain a firewall and router configuration to protect cardholder data
  • 22.
    2. Do notuse vendor-supplied defaults for system passwords and other security parameters
  • 23.
    3. Protect storedcardholder data
  • 24.
    4. Encrypt transmissionof cardholder data across open, public networks
  • 25.
    5. Use andregularly update anti-virus software or programs
  • 26.
    6. Develop andmaintain secure systems and applications
  • 27.
    7. Restrict accessto cardholder data by business need to know Access Restricted
  • 28.
    8. Assign aunique ID to each person with computer access
  • 29.
    9. Restrict physicalaccess to cardholder data
  • 30.
    10. Track andmonitor all access to network resources and cardholder data
  • 31.
    11. Regularly testsecurity systems and processes
  • 32.
    12. Maintain apolicy that addresses information security for all personnel
  • 33.
    And if you’refeeling particularly motivated and want to dig in deep, you can learn more about these requirements on Payment Security Council’s official website.
  • 34.
    34 THANKS!  If youhave any questions about this document please don’t hesitate to contact us at:  https://cheapsslsecurity.com/blog/  https://twitter.com/sslsecurity  https://www.facebook.com/CheapSSLSecurities  https://plus.google.com/+Cheapsslsecurity