PCI DSS Standard

What is the PCI DSS Standard?

The Payment Card Industry Data Security Standard (PCI DSS) sets out the requirements that all companies, entities, and organizations must adhere to when processing credit cardholder data. As such, they are required to follow the specific security measures necessary for credit card payment systems.

These specific security measures concern the network and operation of the data processing environment, such as a data center, and they cover 12 distinct areas of security:

  1. firewalling
  2. password protection
  3. protection of stored cardholder data
  4. data encryption
  5. antivirus software
  6. secure development and maintenance of systems and applications
  7. restricted access according to need-to-know principles
  8. personalized access
  9. restricted physical access
  10. tracked and monitored access to the network
  11. regular testing of security systems and processes
  12. maintenance of an information security policy

How do I benefit from a PCI-DSS-certified Data Center?

Being a customer in our Data Center means that you benefit from a PCI-certified service offering audited by a QSA (Qualified Security Assessor). This is important because companies and organizations that electronically process cardholder data (CHD) in a cardholder data environment (CDE) are required to secure that environment against data abuse and unauthorized access, according to the PCI standard and on an ongoing basis.

The service being offered reaches all the way to your rack cabinet. You can focus on the compliance of the infrastructure you operate within that rack, without having to worry about the physical security aspects of the data center, which cover substantial parts of the PCI requirements and are attested through our certification. You can build your PCI compliance on our PCI certification, thereby not having to worry about all controls certified in our accreditation. E-commerce and content providers, a broad range of entities and organizations that accept online credit card payments or donations, can implement a CDE within a PCI-certified data center environment in their separately locked racks.

The PCI-DSS standard requires a precise definition of roles and responsibilities for all persons working on the CDE. All access and all operational actions need to be tracked and monitored. As an example, a vital part of the operation of such an environment is physical security and all related processes, all of which must comply with the standardized requirements within a data center operation. This means that physical access to the environment is made traceable by using professional access control mechanisms and processes. Seamless, round-the-clock video surveillance and the logs of all persons entering the data center footprint are matched continuously to ensure data consistency.

We provide the support you need, such as our Attestation of Compliance (AOC), to ensure that all requirements are being met and every aspect of PCI-DSS certification is understood and implemented by you as our customer.

Please contact us to sign up for these services or if you have any questions about PCI-DSS certification.
