PCI DSS standards are updated every three years. UBC merchants must keep up to date with the PCI standards.
Changes to the PCI standards follow a defined 36-month lifecycle. The lifecycle ensures a gradual, phased introduction of new versions of the standard in order to prevent organizations from becoming non-compliant when changes are published. (PCI SSC)
Here is a high-level overview of the PCI DSS requirements:
Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Protect all systems against malware and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel