What is PCI?
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements designed to ensure that cardholder data is processed, stored, and transmitted in a safe and secure manner.
PCI-DSS was created with the goal of ensuring card data was secure, and dealt with in a similar manner across all vendors and merchants. This greatly reduces the risk of vulnerability for all parties involved.
Anyone who accepts, processes, or transmits cardholder data (employees, contractors & developers) must comply with PCI requirements.
Who needs to comply with PCI requirements if they accept, process, or transmit cardholder data?
How does PCI-DSS protect cardholder data?
Through a range of measures, our PCI-DSS policy takes important steps to protect cardholder data.
Secure Network
All payment data is transmitted using AES encryption over a secure computer network. Card details can never be stored in plain text, and passwords must be secure and regularly changed. It would take the world's fastest computer a billion billion years to decrypt AES encryption without the private key (which is a secret, like a password).
Vulnerability Management Program
Beem It has a policy of vulnerability management, including strong anti-virus, firewalls, agile security updates and systems designed with security in mind. This policy doesn't work, however, if your own devices are running old software.
It is important that you, as a user of IT systems, install software updates as soon as they become available, and familiarise yourself with how to install updates on all your devices.
As an organisation, we also conduct employee background checks before exposing employees to cardholder information. It is important to keep this in mind if you are ever in charge of onboarding someone in a sensitive position. If you're unsure, check with the HR department.
Access Control
Unique IDs for everybody who accesses our networks, no physical access to cardholder information, and a security hierarchy are all ways in which Beem It maintains access control of its secure information.
As an employee who accepts, processes, or transmits cardholder data, it is important you never share your User ID or Password with anybody else. You never know where your information will end up.
Which of these are consequences of non-compliance with PCI security? Select all that apply
Summary: How can you protect yourself, your **employer** and your customers?
- Never share your username or password
- Keep your computer up to date, and enable automatic updates
- Never write down a customer's credit card information
- Never write down a username or password
- Use a secure password containing letters, numbers and special characters