Is Your Retail Business At Risk Of Customer Payment Card Theft? Read This Important Information Right Away.

PCI Compliance

Does Your Business Handle Cardholder Data? Here’s an Essential Overview of the PCI DSS

In the past few months, a variety of companies, including Target, Michaels, and Neiman Marcus, have experienced data breaches. Breaches of this kind are becoming increasingly common, and many of the weaknesses they exploit are directly addressed by the controls in the Payment Card Industry Data Security Standard (PCI DSS).

An Introduction to the PCI Data Security Standard

The PCI Data Security Standard includes twelve technical and operational requirements designed to protect cardholder data. These requirements can be split into six control objectives. Here’s an overview of the control objectives and PCI DSS Requirements:

Control Objective: Build and Maintain a Secure Network and Systems

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Control Objective: Protect Cardholder Data

  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.

Control Objective: Maintain a Vulnerability Management Program

  5. Protect all systems against malware and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.

Control Objective: Implement Strong Access Control Measures

  7. Restrict access to cardholder data by business need to know.
  8. Identify and authenticate access to system components, assigning a unique ID to every person with access.
  9. Restrict physical access to cardholder data.

Control Objective: Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.

Control Objective: Maintain an Information Security Policy

  12. Maintain a policy that addresses information security for all personnel.

What Entities Must Comply with PCI DSS?

PCI DSS applies to every entity involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, and to any other entity that stores, processes, or transmits cardholder data (CHD) and/or sensitive authentication data (SAD). Within such an entity, the standard applies to all system components included in or connected to the cardholder data environment (CDE): the people, processes, and technologies that store, process, or transmit cardholder data or sensitive authentication data.

Systems in the Cardholder Data Environment

The system components considered in scope for PCI DSS include the following:

  • Systems that provide security services, such as authentication servers.
  • Systems that facilitate segmentation, such as internal firewalls.
  • Systems that may impact the security of the CDE, such as name-resolution (DNS) or web-redirection servers.
  • Network components, including switches, routers, firewalls, wireless access points, network appliances, and other security appliances.
  • Virtualization components, including virtual machines, virtual switches and routers, virtual appliances, virtual applications and desktops, and hypervisors.
  • Applications, whether purchased or custom-built, internal or external (Internet-facing).
  • Server types, including web, database, application, proxy, mail, authentication, Network Time Protocol (NTP), and Domain Name System (DNS) servers.
  • Any other device or component located within or connected to the cardholder data environment.

This list is illustrative, not exhaustive: the entity's own cardholder data environment determines what is in scope. Before an assessment, an entity must identify every location where cardholder data is stored, processed, or transmitted, including systems and personnel that merely connect to or can affect the CDE, and confirm that no cardholder data exists outside the defined CDE. Where network segmentation is used to reduce scope, its effectiveness must be verified rather than assumed. Scoping and the requirements themselves are day-to-day obligations, not something to revisit only after a security incident; compliance is expected to be maintained continuously, not just at assessment time. Ultimately, security should be a top priority for every entity involved in payment card processing.

The PCI DSS also requires that third-party service providers with access to cardholder data, or whose services can affect its security, be accounted for in scope. Each service provider must validate its own compliance, either through its own PCI DSS assessment or by having the relevant services reviewed as part of each customer's PCI DSS assessment, and the entity remains responsible for managing those provider relationships (Requirement 12.8).

To learn more about PCI DSS compliance, please view the PCI DSS Requirements and Security Assessment Procedures Version 3.0 at

For information on how to protect your customers’ data, give us a call at (954) 717-1990 or send us an email at LAN Infotech can help you secure your systems and ensure PCI DSS compliance.
