API Management, PCI Compliance, Enterprise Mobile Access
PCI DSS Background

The goal of the Payment Card Industry Data Security Standard (PCI DSS) is to ensure the safeguarding of payment card data among retailers, e-commerce merchants, banks and other businesses that directly handle card data. To accomplish this, PCI DSS specifies increased controls and protection for information systems that store, process or transmit credit card account numbers and related data such as expiration dates, card-not-present (CNP) verification codes, and customer names. Higher volume merchants are required to complete annual on-site compliance assessments by independent Qualified Security Assessors (QSAs). If organizations don't take appropriate action, fines imposed by the credit card brands for PCI non-compliance can amount to $500,000 per incident.

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programs

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel


A viable alternative to costly PCI retrofitting of applications is to introduce an application-level security gateway into your architecture that offers end-to-end data protection, session security, physical security, credit card tokenization, and format-preserving encryption. Intel® Expressway Tokenization Broker reduces PCI scope without changing the applications themselves: it acts as a token transformation service for payment applications or other enterprise information systems that must handle clear-text primary account number (PAN) data. The appliance is designed especially for merchants and e-tailers who need to keep primary account number data under their own control on-premise, or who are required to handle clear-text card numbers as part of a billing system, data warehouse or supply-chain application.

© Intel Corporation