![\"PCI](\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2015\/10\/pci-dss-logo-1.jpg\"){kind=logo}
This document consists of twelve sections, each of which covers a specific requirement for the protection of information about card users.<\/p>\nThe use of payment cards for the modern man has long been commonplace. But we do not always think about how extensive and complex is the work that was done by the companies which provide such services, how many diverse requirements they complied in order to give us the possibility simply to insert the card into the slot of the ATM and get our money or book the room in the internet before the vacation trip.<\/p>\n
Meanwhile, getting the right to conduct transactions with payment cards is not the easiest task. In order to do this, the company must obtain a special PCI DSS certificate. It was designed by the PCI SSC – Payment Card Industry Security Standards Council. And it is obligatory for the company that wants to be considered a serious player in the market.<\/p>\n
Reputable organizations and banks clearly refuse to cooperate with the company, which does not comply with the requirements of PCI DSS. Because it means that the company’s leadership does not properly care for data protection, and thus jeopardize the safety and reputation of their partners and customers.<\/p>\n
This document consists of twelve sections, each of which covers a specific requirement for the protection of information about card users.<\/p>\n
Among them there are rules for:<\/p>\n
However, the most vulnerable places in terms of the card transactions safety are secure network infrastructure and protection of user’s information stored by the company. After all, in the \u2018client-server\u2019 area there is the greatest risk that the transmitted data can be intercepted by fraudsters and used for their own selfish purposes.<\/p>\n
That is why it is not surprising that the PCI DSS requirements focus on such an issue as user authentication. The system should be organized in such a way that in case of the client\u2019s request for performing any action, it is possible to determine that this is the real card holder. The fact that a single password is not enough has not been a secret for a long time.<\/p>\n
Therefore, a two-step authentication is used, which requires entering a specially created one-time code after the standard password. Typically, this code is sent with the text message to a user’s phone. But more convenient and reliable way for solving the problem of authentication is the usage of a token – a special device or program that generates one-time passwords, which may be provided by different providers of two-factor authentication.<\/p>\n