About PCI DSS

There are many types of advanced security threats, and the actors behind them, whether hacktivists, cyber-spies, or malicious insiders, are driven by differing motives. Add to this list the cyber-criminals who seek their illicit fortunes through theft or extortion. They look to steal money, obtain information, or hijack computing resources for their own financial gain.

That's why it's important to use standardized security procedures and technologies to prevent theft of credit card information and cardholder data. Becoming PCI-compliant is a critical first step to implementing baseline security practices.

What is PCI DSS?
PCI DSS is the Payment Card Industry Data Security Standard.
Why PCI DSS?
PCI DSS ensures safe handling of online card payment data.
How can ZyXEL help?
ZyXEL offers a gateway solution for PCI DSS compliance, providing a secure online payment environment.

Requirements of PCI DSS

There are 12 PCI DSS requirements all businesses accepting card payments must meet. All are designed to protect sensitive data across the card payment industry.

ZyXEL's full threat protection provides a seamless firewall gateway solution to comply with all PCI DSS conditions, so individual businesses no longer need to worry about fulfilling complex compliance provisions.

Build and Maintain a Secure Network and Systems

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters


ZyXEL USG/VPN Series

  • ZyXEL firewall gateway
  • Enforce password change after first-time GUI login

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks


ZyXEL Application and Service

  • UTM and anti-malware

Maintain a Vulnerability Management Program

5. Protect all systems against malware and regularly update antivirus software or programs

6. Develop and maintain secure systems and applications


ZyXEL Security Service

  • Anti-virus and IDP service
  • Vulnerability assessment and monitoring

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know

8. Identify and authenticate access to system components

9. Restrict physical access to cardholder data


ZyXEL Security Service

  • ZyXEL UTM service
  • Monitor and identify activity

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes


ZyXEL Security Service

  • ZyXEL firewall daily report
  • Vulnerability assessment and monitoring

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel


ZyXEL Customer Service


How We Protect

Within the PCI DSS requirements, there are specifications relating to the Cardholder Data Environment (CDE). The CDE is the computer environment wherein cardholder data is transferred, processed, or stored. This includes any networks or devices directly connected to that environment.

ZyXEL takes into account common network deployment scenarios and associated scoping issues, such as the point-of-sale terminals where the cardholder data enters the network. It is worth noting the sheer volume of private data — payment, credit card, and personal information — that is involved in such transactions. Because businesses are key participants in payment card transactions, it is imperative that they use standard security procedures and technologies to thwart theft of cardholder data, from the endpoint to the server.
