PCI compliance requires organisations to restrict physical access to cardholder data to protect them against identity theft. According to the PCI Compliance Security Standard Council, “Any merchant that wants to process, store or transmit credit card data is required to be PCI compliant.” In this article, we discuss how Enterprise Security suites can be effectively used to comply with PCI requirements.
Am I Required to be PCI Compliant?
PCI DSS Requirement 9 states “Any physical access to data or systems that house cardholder data provides the opportunity for persons to access and/or remove devices, data, systems or hard copies, and should be appropriately restricted.”
PCI DSS Requirement 9 Components
- Restrict physical access to cardholder data.
- Use entry controls to limit and monitor physical access to systems in the facility.
- Develop procedures to easily distinguish between on-site personnel and visitors.
- Control physical access for on-site personnel to the sensitive areas.
- Implement procedures to identify and authorise visitors.
- Physically secure all media.
- Maintain strict control over the distribution of any kind of media.
- Maintain strict control over the storage and accessibility of media.
- Destroy media when it is no longer needed for business or legal reasons.
- Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.
- Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties.
Why Enterprise Security Suites are so effective in achieving PCI Compliance
In modern business, Enterprise Security suites are being deployed to help mitigate threats and improve on-site visibility. Included in these suites are Visitor Management, Access Control, Emergency Evacuation Planning, Vehicle Management and more, offering a diverse range of functionalities and reporting capabilities for security teams and other departments.
Visitor Management: This modern solution provides for the full visitor lifecycle, delivering a single view of visitors across multiple locations. From pre-registration to self-service check-in, digital Visitor Management solutions ensure all appropriate health, safety and legal requirements are met by organisations in relation to visitors, contractors and other on-site third parties. In line with PCI Compliance, modern Visitor Management solutions cater to multiple requirements relating to on-site visitors.
Access Control: From gateway to endpoint, Access Control solutions provide facilities with more secure working environments for people, property and assets by integrating with facility management and security systems. By creating zone restrictions and configuring unique ID badges to different access authorities, physical access to sensitive areas can be limited, controlled and monitored by multiple departments to ensure PCI compliance requirements are met.
Emergency Evacuation Planning: A fast-paced, accurate and proactive approach to emergency response, Emergency Evacuation Planning solutions are responsible for accounting for all personnel on-site, in the case of an event or for day-to-day reporting. By integrating with Access Control solutions, organisations can increase on-site security, visibility and accessibility whilst monitoring movements from a centralised location. In line with PCI Compliance, Emergency Evacuation Planning solutions ensure that security policies and operational procedures are implemented and reported.
For more information, visit www.timedatasecurity.com to learn how Enterprise Security solutions help maximise on-site security, for visitors, employees and other on-site personnel.