PCI DSS
Introduction
The Payment Card Data Security Standard (PCI DSS) requirement is necessary for all institutions accepting Credit/Debit Card Payments. Without compliance College cannot accept card payments. Failure to meet the requirements can expose the College to large fines and increased surveillance/audit costs should a security breach occur. In addition, should a breach occur and non-compliance has been evidenced, College will also be held accountable for all fraudulent spending and, significantly, any regulatory fines for data protection breaches.
The Committee has the following responsibilities
-
Helping to formalise and complete a PCI DSS compliant process and environment within your allocated area (project work)
-
Helping maintain ongoing compliance (ongoing work)
-
Maintaining knowledge base with the chosen area (ongoing work)
-
Assist in the completion of the PCI DSS questionnaire required for compliance (annual work)
-
At least quarterly formal meetings on PCI DSS compliance (ongoing work)
Goals:PCI DSS Requirements:Goals:PCI DSS Requirements:Goals:PCI DSS Requirements:Goals:PCI DSS Requirements:Goals:PCI DSS Requirements:Goals:PCI DSS Requiremen
In order to be PCI DSS compliant, the College must meet the 12 PCI DSS requirements
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for employees and contractors