PCI-DSS 12 requirements

PCI DSS describes the requirements that apply to all merchants transmitting, handling or storing card data. The standard applies to Visa, Mastercard, American Express, Diners, Discover, JCB and Dankort (in Denmark).

The PCI DSS security standard can be summarised in the 12 requirements below:

Secure your network

  • Requirement 1: You must ensure that your company installs and maintains a firewall that protects your card data
  • Requirement 2: You must not use vendor-supplied defaults for system passwords and other security parameters

Protect card data

  • Requirement 3: You must protect stored card data
  • Requirement 4: You must encrypt card data that is sent over open, public networks

Handle vulnerabilities with permanent procedures

  • Requirement 5: Use antivirus software and update it regularly
  • Requirement 6: You must continuously develop and maintain security for your systems as well as applications

Implement a strong access control

  • Requirement 7: You must restrict access to cardholder data according to business need, so that as few people as possible can access the data
  • Requirement 8: Each user of your computer network must be assigned a unique ID
  • Requirement 9: As few people as possible should have physical access to card data

Monitor and test your network regularly

  • Requirement 10: Access to your network and card data must be monitored
  • Requirement 11: You must regularly test your security systems and processes

Maintain a security policy

  • Requirement 12: You must maintain a strict security policy

Find more information on the following websites:

PCI Security Standards Council's website

Mastercard's website

Visa's website