Retail PCI Compliance

Maintain a Vulnerability Management Program

Vulnerability management, in simple terms, means having tools and processes in place that keep your systems protected from malware and software flaws that could create security risks.

Requirement #5: Use and regularly update anti-virus software or programs
Malware such as viruses and worms commonly enters a business through email and other everyday online activities undertaken by employees. Anti-virus software must be used on all systems commonly affected by malware to protect them from current and evolving software threats. The risk is significantly higher for personal computers and mobile devices that interact with the cardholder data environment.

  • Make sure that you have installed anti-virus software on your personal workstations and servers
  • Use anti-virus software on all systems that interact with the cardholder data environment
  • Ensure that the anti-virus software you deploy is the current version, is always running and can generate audit logs to help auditors verify PCI compliance

Requirement #6: Develop and maintain secure systems and applications
Eliminating security vulnerabilities in your systems and applications will help reduce the risk of criminals accessing cardholder data. A good way to do this is to install every vendor-provided security patch as it becomes available. The critical systems within your retail store should have the most recently released software patches installed to prevent manipulation.

  • Utilize a Payment Application Data Security Standard validated version of your current payment application
  • Install recently-released patches for critical card payment systems and applications within one month of release
  • Apply patches to less critical systems as soon as possible
  • Consider using a vulnerability monitoring service to make sure new vulnerabilities in the system are not overlooked
  • Follow change control procedures whenever changes are made to the payment card system components or configurations
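The checks in Requirements 5 and 6 above can be run automatically against a system inventory, so that stale anti-virus definitions, missing audit logging and patches past the one-month window are surfaced before an auditor finds them. The following Python script is an added example written for this page; it is not part of any PCI DSS document or vendor product. The inventory layout, the field names and the 7-day signature-freshness threshold are assumptions made for the example; only the 30-day window for critical systems comes from the requirement text, and the sample systems and patches are constructed.

```python
"""Compliance checks for PCI DSS Requirements 5 and 6 over a system inventory.

Assumptions made for this example: the inventory shape below, the field names,
and a 7-day freshness threshold for anti-virus definitions. The 30-day window
for critical systems reflects "within one month of release" in Requirement 6.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple

CRITICAL_PATCH_WINDOW = timedelta(days=30)  # Requirement 6: critical systems patched within one month
MAX_DEFINITION_AGE = timedelta(days=7)      # assumed threshold for "current" anti-virus definitions


@dataclass
class AntiVirus:
    installed: bool
    running: bool
    definitions_date: Optional[date]  # last signature update, None if unknown
    audit_logging: bool               # AV produces logs an auditor can review


@dataclass
class Patch:
    patch_id: str
    released: date
    installed: Optional[date]  # None means not yet applied


@dataclass
class System:
    name: str
    critical: bool  # critical card payment system: the 30-day window applies
    av: AntiVirus
    patches: List[Patch] = field(default_factory=list)


Finding = Tuple[str, str, str]  # (requirement, system name, description)


def check_antivirus(system: System, today: date) -> List[Finding]:
    """Requirement 5: AV installed, running, current and producing audit logs."""
    findings: List[Finding] = []
    av = system.av
    if not av.installed:
        findings.append(("5", system.name, "anti-virus software not installed"))
        return findings  # remaining checks are meaningless without AV present
    if not av.running:
        findings.append(("5", system.name, "anti-virus software not running"))
    if av.definitions_date is None or today - av.definitions_date > MAX_DEFINITION_AGE:
        findings.append(("5", system.name, "anti-virus definitions are stale or unknown"))
    if not av.audit_logging:
        findings.append(("5", system.name, "anti-virus audit logging disabled"))
    return findings


def check_patches(system: System, today: date) -> List[Finding]:
    """Requirement 6: critical systems patched within 30 days; others flagged while pending."""
    findings: List[Finding] = []
    for p in system.patches:
        deadline = p.released + CRITICAL_PATCH_WINDOW
        if system.critical:
            if p.installed is None and today > deadline:
                findings.append(("6", system.name,
                                 f"{p.patch_id} overdue: released {p.released}, deadline {deadline}"))
            elif p.installed is not None and p.installed > deadline:
                findings.append(("6", system.name,
                                 f"{p.patch_id} installed late on {p.installed} (deadline {deadline})"))
        elif p.installed is None:
            age = (today - p.released).days
            findings.append(("6", system.name,
                             f"{p.patch_id} pending on less critical system ({age} days since release)"))
    return findings


def assess(inventory: List[System], today: date) -> List[Finding]:
    """Run both requirement checks over every system and collect the findings."""
    findings: List[Finding] = []
    for s in inventory:
        findings.extend(check_antivirus(s, today))
        findings.extend(check_patches(s, today))
    return findings


# Constructed sample inventory for the example (not real systems or patches).
TODAY = date(2024, 3, 15)
SAMPLE_INVENTORY = [
    System("pos-register-01", critical=True,
           av=AntiVirus(True, True, date(2024, 3, 14), True),
           patches=[Patch("POS-2024-02", date(2024, 1, 20), None),              # overdue (deadline Feb 19)
                    Patch("POS-2024-03", date(2024, 3, 1), date(2024, 3, 10))]),  # applied on time
    System("backoffice-ws-07", critical=False,
           av=AntiVirus(True, True, date(2024, 2, 1), False),                   # stale definitions, no logging
           patches=[Patch("OS-2024-02", date(2024, 2, 10), None)]),             # still pending
    System("kiosk-02", critical=False,
           av=AntiVirus(False, False, None, False)),                            # no anti-virus at all
]

if __name__ == "__main__":
    for req, name, msg in assess(SAMPLE_INVENTORY, TODAY):
        print(f"Req {req}  {name:<18} {msg}")
```

Running the script against the sample inventory reports five findings: one overdue patch on the critical register, stale definitions and disabled logging on the back-office workstation plus its pending patch, and the missing anti-virus on the kiosk. Feeding the function real inventory data (for example from an endpoint-management export) turns the two requirements into a repeatable check rather than a once-a-year audit exercise.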