Difference between PA-DSS and PCI DSS : Aalpha


What is the PCI Data Security Standard?

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied default values for system passwords and other security settings.
  3. Protect cardholder information.
  4. Encrypt cardholder data sent via open, public networks.
  5. Protect all systems against malware and regularly update anti-virus software or programs.
  6. Develop and maintain secure apps and systems.
  7. Restrict cardholder data access based on business needs.
  8. Identify and authenticate access to system components.
  9. Limit physical access to cardholder information.
  10. Monitor and record every network resource and cardholder data access.
  11. Test security systems and procedures regularly.
  12. Maintain an information security policy applicable to all staff.

How can a business achieve PCI compliance?

PCI DSS assessments generally fall into one of three categories:

  • Qualified Security Assessor (QSA): A QSA is a third-party assessor authorized by the PCI Security Standards Council to perform PCI assessments. All Level 1 merchants must have their assessment conducted by a QSA.
  • Internal Security Assessor (ISA): An ISA is an assessor from within the organization being assessed. The PCI Security Standards Council has qualified the ISA to perform PCI assessments, but only for their own organization.
  • Self-Assessment Questionnaire (SAQ): Lower-level merchants (those with fewer transactions) use a Self-Assessment Questionnaire to evaluate their own compliance. Several SAQs exist, and which one applies depends on how the merchant handles card transactions (e.g., card-not-present vs. card-present, fully outsourced vs. partially outsourced authorization).

What Does Compliance with PA-DSS Mean?

What are the PA-DSS prerequisites?

  1. Do not keep the entire magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data.
  2. Protect cardholder information.
  3. Offer secure authentication mechanisms.
  4. Record payment application actions.
  5. Develop secure payment applications.
  6. Safeguard wireless communications.
  7. Test payment apps to fix vulnerabilities and maintain payment application upgrades.
  8. Facilitate the development of a secure network.
  9. Never keep cardholder information on an internet-connected server.
  10. Facilitate secure remote access to the payment application.
  11. Encrypt sensitive data sent via public networks.
  12. Secure all non-console administrative access.
  13. Provide customers, resellers, and system integrators with PA-DSS implementation guidance, documentation, and training programs.
  14. Assign PA-DSS responsibilities to personnel, customers, resellers, and system integrators, and maintain training programs for these groups.



Aalpha is specialist India based Software Solutions company providing solutions for Web and Mobile development, https://www.aalpha.net
