Become Fully PCI DSS Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is a framework designed to help develop a sound process for payment card data security. It includes information to prevent, detect and take appropriate action in the even of security incidents relating to payment card data.

PCI DSS High Level Overview

The table below shows the key 12 areas required for full PCI DSS compliance.

Extraordinary has experience in guiding clients through the process of building cloud services that meet these requirements.


PCI Control

Extraordinary Service

Build and Maintain
a Secure Network

1. Install and maintain a firewall configuration
to protect cardholder data

Managed Firewall


2. Do not use vendor-supplied defaults
for system passwords
and other security parameters

Vulnerability Scanning

Protect Cardholder Data

3. Protect stored cardholder data

Customer Responsibility


4. Encrypt transmission of cardholder data across open, public networks

SSL Certificates

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software or programs



6. Develop and maintain secure systems and applications

Customer Responsibility

Implement Strong
Access Control Measures

7. Restrict access to cardholder data
by business need to know

Directory Services
e.g. Active Directory


8. Assign a unique ID to each person
with computer access

Two factor authentication


9. Restrict physical access
to cardholder data

Data centre security
meets these requirements

Regularly Monitor
& Test Networks

10. Track and monitor all access
to network resources and cardholder data

Splunk Log Management


11. Regularly test security systems
and processes

Some aspects can be covered by vulnerability scanning

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel

Customer Responsibility