PCI DSS

What is PCI DSS ?

PCI DSS (Payment Card Industry Data Security Standard) is a joint effort by five international credit card brands (JCB, American Express, Discover, MasterCard, and VISA) to safely protect credit card information and transaction information handled by our company. This is a global security standard for the credit industry, established by . Our company uses this as part of our security measures to protect the important information we handle.

Having an information security policy

PCI DSS stipulates the following 12 requirements.

Building and maintaining secure networks and systems

Install and maintain a firewall to protect cardholder data
Avoid using vendor-supplied default values for system passwords and other security parameters

Protecting cardholder data

Protect stored cardholder data
Encrypt cardholder data when transmitted over open public networks

Maintaining a vulnerability management program

Protect all systems against malware and update antivirus software regularly
Develop and maintain highly secure systems and applications

Introducing strong access control methods

Restrict access to cardholder data to the extent necessary for business purposes
Identify and authenticate access to system components
Restrict physical access to cardholder data

Regular network monitoring and testing

Track and monitor all access to network resources and cardholder data
Test your security systems and processes regularly

Maintaining information security policy

Maintain policies that address information security for all personnel

Membership in PCI SSC (Payment Card Industry Security Standards Council, LLC)

We are a member of PCI SSC, which is jointly operated by five international payment brands. PCI SSC is operated for the purpose of continuous development and operation/management of PCI DSS.