Retail: Payment Card Industry Data Security Standard Compliance

Secure Data, Secure Payments

About PCI DSS

PCI DSS is the Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. If your company processes, stores, or transmits credit card numbers, then you must be PCI DSS compliant or risk losing the ability to process credit card payments.

Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company. Companies such as TJX that did not follow the standard, leaving sensitive customer data open to thieves, are fined heavily. Card brands have also created incentive programs for PCI DSS compliance.

By complying with the PCI Data Security Standard, merchants and service providers not only meet their obligations to the payment system, but also build a culture of security that benefits everyone. With Trend Micro’s industry-leading Internet content security solutions for endpoint security and data leak prevention, you are well on your way to PCI DSS compliance.

How Trend Micro™ Can Help

Trend Micro can help you meet the PCI DSS Standard by providing security solutions that keep malware and intruders out of your network and sensitive data inside. The current version of the standard (1.1) specifies 12 requirements for compliance, organized into six logically related groups, which are called "control objectives."

The control objectives and their requirements are listed below, together with the specific areas where Trend Micro, the leader in Internet content security, can help you achieve PCI DSS compliance alongside your policy enforcement and education efforts:

  • Prevent data leaks from malicious code attacks using Trend Micro solutions that include antivirus and antispyware protection
  • Protect your customers’ confidential and private information from insiders and hackers with Trend Micro data leak prevention solutions
  • Prevent fraud, identity theft and other constantly-evolving Web Threats with Trend Micro’s Web Reputation
  • Reduce resource requirements and management as well as stop threats like spam and phishing sooner. Trend Micro’s hosted features and solutions identify and block threats before they reach your network (in the cloud).
  • Implement multilayer, multithreat protection with joint solutions from Trend Micro and Cisco

The PCI Data Security Standard consists of twelve basic requirements categorized as follows¹:

Principle: Build and Maintain a Secure Network
Requirements:
  • Install and maintain a firewall configuration to protect data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
How Trend Micro Can Help: Trend Micro™ SecureSite helps you start safeguarding your ecommerce website including checking for over 600 vendor-supplied defaults for passwords and system parameters

Principle: Protect Cardholder Data
Requirements:
  • Protect stored data
  • Encrypt transmission of cardholder data and sensitive information across public networks
How Trend Micro Can Help: Trend Micro LeakProof™ Protect card holder data with comprehensive protection of sensitive data at-rest, in-use, and in-motion

Principle: Maintain a Vulnerability Management Program
Requirements:
  • Use and regularly update antivirus software
  • Develop and maintain secure systems and applications
How Trend Micro Can Help: Deploy any Trend Micro solution with antivirus/antispyware protection for small business to enterprise including:

Principle: Implement Strong Access Control Measures
Requirements:
  • Restrict access to data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data

Principle: Regularly Monitor and Test Networks
Requirements:
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

Principle: Maintain an Information Security Policy
Requirements:
  • Maintain a policy that addresses information security