PCI DSS | The Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS)
Payment card transactions are a rapidly growing share of Israel’s total payment volume. Online purchases and convenient payment options have turned credit cards into Israel’s most common payment method. But their popularity has proven fertile ground for credit card fraud and violations.
To keep customers safe and ensure companies’ payment card data security is up to the highest standards, all Israeli businesses that accept payment cards must comply with a payment card security policy.
The PCI standard is a collection of procedures designed to ensure the safety of payment card use and prevent data from getting into the wrong hands.
The right professionals can help you make your workplace PCI compliant while ensuring payment process optimization and reliability.
Our information security experts can find the best way for your company to meet the standard’s requirements.
Becoming PCI DSS-compliant: Hermeticon’s security experts explain.
PCI DSS general guidelines:
The standard’s requirements apply to both online and offline transactions. Failure to meet the requirements can result in heavy fines—potentially as high as hundreds of thousands of shekels for every month your organization remains non-compliant. And if this is not enough of a deterrent, if your business is found to be non-compliant, clearing companies will immediately stop working with you. These are some of the areas the standard covers.
Who has to comply with the standard?
The standard applies to all entities that store, process, or transmit cardholder data. This includes cash registers, e-wallets, e-commerce websites and apps, and more.
The PCI DSS has several levels of certification:
As a rule, all levels require that you complete a self-assessment questionnaire (SAQ) and use the services of an approved scan provider to run a quarterly network scan.
The level of certification your business must obtain depends on your number of transactions (including in-store transactions as well as online and phone transactions, where the customer does not physically present the card). The bigger your business, the stricter the requirements.
| Level | Conditions |
|---|---|
| 1 | Over 6 million transactions a year and/or if you have had a data breach |
| 2 | 1–6 million transactions a year |
| 3 | Between 20,000 and 1 million transactions a year |
| 4 | Under 20,000 transactions a year |
To get certified, you have to meet various information security requirements, including:
- Using information security products: your business must have an adequate security system, including EDR, a firewall, SIEM, a WAF, and antivirus software.
- The access architecture to the database where payment card data is stored must be secure.
- Your employees must have a basic understanding of information security guidelines.
Secure handling of physical documentation pertaining to payment cards:
Your company must destroy all paperwork containing credit card information at the end of each workday and ensure reports are accessible only by those authorized to access customer payment card data.
Payment system permissions management:
To prevent data leaks and monitor access, ensure that only authorized employees with unique usernames can access credit card information.
Your systems must be protected by a firewall and equipped with antivirus software to prevent hackers from accessing credit card information.
Ensure all passwords are changed often and are difficult to guess or crack.
Data encryption:
Ensure that all online payment card transactions and transmissions of payment card information use advanced encryption protocols.
Long-term risk management:
Periodically check that your information security system complies with the most recent PCI guidelines, address issues as they arise, and proactively prepare for future threats.
An SSL certificate is not enough for PCI compliance:
Many online store owners believe credit card transactions on their websites are secure because they have an SSL certificate.
A secure connection is essential and highly recommended for preventing breaches, but it does not protect you against all penetration attempts or malicious activity.
To ensure your store is PCI-compliant and provides customers with a secure shopping experience, you need to perform a professional audit covering all bases.
Professional support from information security experts will take your business to the next level:
Data breaches are becoming more and more commonplace. With more and more businesses going digital, many are vulnerable to new and rapidly emerging threats.
Hermeticon’s security experts can help keep your security procedures up to date and give your clients security—an essential part of any online shopping experience.
Our CISO-certified consultants have vast experience with information security.
With our CISO as a service offering, you can get a unique solution tailored to your needs, resources, and field of business.
We can help you ensure every aspect of your business is in compliance with the standard: from computer systems to paperwork and access control.
We can also train your employees, raising their awareness of data leak risks and transforming them from a vulnerability into a valuable part of your information security strategy.
Get in touch with us today to learn more about the standard and our services.
So what are you waiting for? To learn more, call 03-7176281 or leave your contact information here and we will get back to you.
Why choose Hermeticon:
Support from the best experts in the field
A wide range of cybersecurity and information security solutions
Support from our resilience testing division
A bespoke service scaled to match your needs
Our information security experts are here for you.
Phone: 03-7176281
Mordehai Rojanski 18, Rishon LeTsiyon
Sun - Thu, 08:00-17:00