Home PCI PCI 3.0 – Going beyond compliance
Categories: Web Application Security

PCI 3.0 – Going beyond compliance

PCI Data Security Standard

The PCI Security Standards Council (PCI SSC) has recently published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) for debit and credit card security. As a result, organizations now need to move to address comprehensive security practices built on shared responsibility than just compliance.

The PCI-DSS 3.0 Overview

Build and Maintain a Secure Network
  • Install & maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open public networks
Maintain a Vulnerability Management Program
  • Protect all systems against malware and regularly update anti-virus software  or programs
  • Develop and maintain secure systems and applications
Implement StrongAccess ControlMeasures
  • Restrict access to cardholder data by business need-to-know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain an Information Security Policy
  • Maintain a policy that addresses information security for all personnel

Applicability of PCI DSS 3.0: 1st January 2014
2.0 to 3.0 transition time limit: 31st December 2014

 

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

This post was last modified on May 19, 2021 15:32

Share
Venkatesh Sundar
Published by
Venkatesh Sundar
Tags: PCIPCI DSSPCI Security Standards Council
10 years ago

Recent Posts

Top 10 Best Practices for Attack Surface Reduction

Explore crucial tactics like Asset Inventory, Patch Management, Access Control & Authentication, and additional best… Read More

5 days ago

10 Important Data Privacy Questions You Should be Asking Now

Delve into the data privacy questions including consent protocols, data minimization strategies, user rights management,… Read More

1 week ago

11 Best Practices to Secure your Nodejs API

Secure Node.js APIs using best practices: Employ proper HTTP methods, robust authentication, and API-specific security… Read More

1 week ago