PCI DSS

PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud.

This is achieved through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data.

The payment standard has 12 high level requirements which fall into the six categories below:

1. Build and Maintain a Secure Network
Install and maintain a firewall configuration to protect data
Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
Protect stored data (use encryption)
Encrypt transmission of cardholder data and sensitive information across public net

3. Maintain a Vulnerability Management Program
Use and regularly update anti-virus software
Develop and maintain secure systems and applications

4. Implement Strong Access Control Measures
Restrict access to data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data

5. Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes

6. Maintain an Information Security Policy
Maintain a policy that addresses Information Security

PCI DSS

PCI DSS Consultancy Solution

BNS Payments is a Level 1 PCI DSS payment gateway and has been since 2006. If you require any help with achieving your own PCI DSS status, or wish to ensure you are compliant, then do give us a call.

We can provide a full end to end PCI Consultancy Solution, which includes the following:

  • Initial assessment
  • Evaluation of existing payment solutions
  • End to end payment gateway – Our hosted solution takes the worry (and cost!) out of compliancy, allowing you to get on with the job