Payment card industry data security standards

As your Bank, we are committed to helping you protect both your business and your customers. Because your business processes payments from debit and credit cards, there are a number of obligations you are required to meet.

These obligations are designed to protect cardholder information and help you manage the risks to your business posed by fraud and internal or external security breaches.

These mandatory obligations are known as the Payment Card Industry Data Security Standards (PCI DSS). They are set by the PCI Security Standards Council and apply to any organisation that stores, processes or transmits cardholder information and data.

Which security standards MUST I comply with?

All businesses, large and small, are required to protect cardholder data in accordance with the Payment Card Industry Data Security Standards.

Exactly which Payment Card Industry Security Standards apply to you will depend on the size and nature of your business, the configuration of your payment systems and the different service providers you work with.

The PCI Security Standards Council has created an informative and useful Quick Reference Guide to help you understand the PCI DSS and apply it to your payment card transaction environment.

Which security standards MUST I comply with?

Australian businesses are increasingly dealing with instances of payment card fraud.

This fraud poses an obvious threat to customers, who are inconvenienced and potentially out of pocket for significant amounts of money. For your business, insufficient risk mitigation practices can result in you being liable for the entire fraudulent amount.

By complying with Payment Card Industry Data Security Standards, your customers will trust that their card details are secure, and you will be actively managing potential financial and reputational risks to your business.

The PCI Data Security Standard

PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It consists of common-sense steps that mirror security best practices.

GOALS AND PCI DSS REQUIREMENTS

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for all personnel

I need more information

Further information about the Payment Card Industry Data Security Standards is available from:

Vectra Corporation – Bendigo and Adelaide Bank's PCI DSS partner
PCI Service Desk: 1800 558 522
Monday to Friday (9am to 5pm)

Bendigo Bank Card and Merchant Operations: 1300 132 741

Online: www.pcisecuritystandards.org
Easy to understand information and frequently asked questions.

At Bendigo Bank, we're committed to helping you protect your business and your customers. Assisting you to meet industry regulations is all part of the service we provide for your business.