Digital fraud and identity theft incidents have made the protection of payment card information more critical than ever. Cardholder security programs started as early as 2001, and credit card issuers joined together in 2004 to publish the first Payment Card Industry (PCI) Data Security Standard (DSS). Visa, MasterCard, American Express, Discover Bank and JCB all now endorse the standard. The PCI DSS is unique from other information security regulations as it receives governance from private industry rather than elected officials, which means the PCI Security Standards Council (SSC) retains the authority of managing the DSS.

The DSS is comprised of a list of twelve requirements to which members, merchants and service providers must adhere. It applies to any organization that stores, processes or transmits cardholder data. The requirements include the use of data encryption, end-user access controls and activity monitoring and logging, as well as the need to regularly test security systems and processes. Companies face stiff fines or even the possibility of being barred from the card acceptance program if they do not comply. The PCI DSS extends to all “system components” of these organizations, which means all technology involved with or connected to cardholder data is considered applicable to the standard.

This whitepaper explains the PCI DSS in terms log management and explains how Arcsight Logger can help your organization ensure PCI DSS compliance.