The Payment Card Industry Data Security Standard (PCI DSS) sets rigorous security mandates that apply to all payment card network members, merchants, and service providers — virtually any business that stores, processes, or transmits cardholder data. The mandates include having a secure network infrastructure and vulnerability management program, strong access control, regular monitoring and testing of applicable networks, as well as maintenance of an information security policy. Penalties can be substantial to those found to be not compliant.
While the regulatory mandates are straightforward, they can place significant operational burdens on regulated companies. That’s why the objective shouldn’t be just to attain regulatory compliance, but to do so in the most effective and efficient way possible.That was the goal of Tomas Fencl, security and technical architect at Czech Airlines. While Czech Airlines was working toward PCI DSS compliance, it wanted to build a more effective way to maintain a high level of compliance and to reduce risk to its IT infrastructure.
Click here to get further information for Czech Airlines