PCI DSS

All organizations that retain, process, and transmit cardholder data, such as merchants who are members of card issuing companies and any other service providers should all consider compliance with PCI DSS.

Features and business benefits

Business Benefits of PCI DSS compliance

• Promote use of credit cards with a promise to secure card transactions.
• Protect merchants’ profits from unauthorized use and credit card fraud.
• Improve brand image and trustworthiness of merchants and service providers.
• Prevent and reduce the frequency of data loss, and reduce cost of restoration.

The Information Security Management System (ISMS) is widely known as a certification system of information security for corporations in India with over 400 companies certified to ISMS by BSI.

ISMS is designed to manage and maintain the quality of information security whilst PCI DSS is designed to protect cardholder data, so dual certification to both PCI DSS and ISMS standards enables greater levels of information security for multiple stakeholders.

In order to maintain PCI DSS and ISMS certification, organizations must undertake an annual assessment.

By conducting a joint assessment, organizations can avoid a certain degree of duplication; reduce business disruption, time and cost. For example, if an organization is already certified to ISMS requirements then they will be implementing many of the elements of PCI DSS elements including:

A.10.10  Monitoring

A.11.2 User access management

A.11.4 Network access control

A.11.5  Operating System access control

A.12.6  Technical Vulnerability Management