Building and maintaining a secure network is critical to PCI and PSD2 compliance. This includes installing and managing firewalls to protect data, as well as using encryption to protect sensitive information during transmission. To protect cardholder data, companies must implement security measures such as storing the data in a secure location and restricting access to it.
How PCI and PSD2 Compliance protects
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that handle credit card information operate and maintain a secure environment. It was created in 2006 by Visa, MasterCard, American Express, Discover, and JCB to improve account security throughout the transaction process.
The PCI Security Standards Council (PCI SSC) is the independent body that administers and manages the PCI DSS. The council’s website is an excellent resource for understanding what you need to do to become compliant. There are 12 requirements in total, which are grouped into six categories:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The European Union’s Payment Services Directive, or PSD2, was adopted to establish a single payment market in the EU. It is designed to boost digital banking innovation while increasing security and consumer rights in a single regulatory effort.