Payment Card Industry Data Security Standard (PCI DSS): What You Need to Know for Secure Payments
The electronic payments industry has undergone a radical change over the past several years with the proliferation of convenient digital payment options such as contactless cards and smartphones/smart watches with mobile payment capabilities and apps. These contactless payment options are increasingly supported at payment terminals, vending machines, EV chargers, and kiosks as well as for peer-to-peer mobile payments. These new methods bring speed and convenience to transactions and are rapidly replacing the use of cash or the swipe of a credit card in many countries. These emerging capabilities require reliable connectivity to communicate with the processors and payment networks that approve and complete transactions. As these transactions include a wealth of sensitive data, such as customer details and financial information, security is paramount.
Cellular Connectivity is a Must for Payments
Increasingly, many across the payments value chain are opting for cellular IoT connectivity, which provides robust, reliable, and secure coverage for attended or unattended connected vending “things” with embedded IoT SIMs. Cellular traffic is encrypted over the air interface by default, and mobile network operators continually invest in identifying and closing security gaps that might be exploited. Note that this air-interface encryption terminates inside the operator's network; it does not replace end-to-end encryption (such as TLS) between the payment terminal and the processor, which PCI DSS requires for cardholder data sent across open, public networks. Sierra Wireless’ Smart Connectivity adds further controls, including current encryption technologies and best practices for physical security, data network security, and information security, to make the payment process as secure as possible.
Payment Card Industry Data Security Standard (PCI DSS)
The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to enhance global payment account data security by developing and driving the adoption of data security standards and resources for safe payments worldwide. To protect the sensitive information associated with credit and debit cards, the major payment card brands established a common set of security requirements called the Payment Card Industry Data Security Standard (PCI DSS), which the PCI SSC now maintains. All organizations that store, process, or transmit cardholder data, or that could affect the security of cardholder data, are required to meet these requirements for every process and system that can impact the security of that data.
PCI Compliance Explained
Merchants are assigned a PCI compliance level based on the number of card transactions they process each year. The levels are defined by each card brand; the thresholds below follow the Visa definitions, and the Level 3 and Level 4 figures refer to e-commerce transactions specifically.
●Merchant Level 1: more than 6 million transactions per year
●Merchant Level 2: 1 million to 6 million transactions per year
●Merchant Level 3: 20,000 to 1 million e-commerce transactions per year
●Merchant Level 4: fewer than 20,000 e-commerce transactions, or up to 1 million transactions of any kind, per year
The validation requirements depend on the level. Level 2 to Level 4 merchants typically validate by completing the PCI DSS Self-Assessment Questionnaire (SAQ) that matches how they accept payments, usually together with quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Level 1 merchants must instead undergo an annual on-site assessment by a Qualified Security Assessor (QSA) or a qualified internal assessor, resulting in a Report on Compliance (ROC).
12 Key Requirements for PCI Compliance:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
5. Use and regularly update anti-virus software or programs.
6. Develop and maintain secure systems and applications.
7. Restrict access to cardholder data by business need to know.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security for all personnel.
PCI DSS compliance is generally not mandated by law; it is a contractual obligation that the card brands impose, through acquiring banks, on merchants that accept their cards. Merchants who accept card payments should nonetheless meet the standards published by the PCI SSC, both to reduce the risk of a data breach and to avoid the substantial non-compliance fines and increased processing fees that acquirers can pass on. PCI compliance is not a one-time exercise: validation must be repeated every year. The twelve requirements above are stated in the wording of PCI DSS v3.2.1; PCI DSS v4.0 rewords them but keeps the same twelve requirement areas.
Sierra Wireless' Smart Connectivity and PCI
Sierra Wireless Smart Connectivity provides continuous cellular network availability and secure access for payment solutions while monitoring the core networks to prevent disruptions and enable 99.9% uptime. Furthermore, the Sierra Wireless Smart Connectivity service implements key PCI DSS security requirements:
●All data is fully encrypted whether in transit or at rest.
●Access to the infrastructure and data is restricted, logged, and audited regularly.
●Servers and network infrastructure are maintained with the latest security patches.
●Regular internal security audits, third-party audits, and telecommunication-specific security audits are conducted.
As part of its commitment to security and PCI compliance, Sierra Wireless operates a Security Operations Center that provides 24×7 monitoring of, and response to, detected threats and vulnerabilities so that data is protected at all times. For reliability, the data centers and public cloud environments used are Tier III and Tier IV compliant.
The Center for Internet Security (CIS) Critical Security Controls v8 framework is used to assess Sierra Wireless's adherence to current security best practices. CIS is a trusted resource for cyber threat prevention and protection and publishes globally recognized best practices for securing IT systems and data.
Semtech and PCI DSS
Sierra Wireless is a Semtech company and, like many businesses, Semtech also accepts credit card payments for several different product offerings and has conducted an in-depth review of its PCI obligations. The Sierra Wireless PCI compliance program is managed as follows:
●The Sierra Wireless Product Security team partners with the Product Development and Service Delivery teams whenever they propose new products and services, or changes to existing ones, that accept payment by credit card or another electronic means other than bank transfer.
●The Product Security team evaluates the product, creates detailed data flow and payment flow diagrams, and provides guidance on the design that minimizes PCI scope and exposure.
●The Product Security team follows the product development lifecycle and ensures that the payment process is developed and implemented as planned.
Where necessary, the Product Security team facilitates the applicable SAQ, conducts a gap analysis, ensures compliance with the key security requirements, and brings in a third-party Qualified Security Assessor (QSA) to support the certification process.
This document is provided by Sekorm Platform for VIP exclusive service. The copyright is owned by Sekorm. Without authorization, any medias, websites or individual are not allowed to reprint. When authorizing the reprint, the link of www.sekorm.com must be indicated.