PCI DSS Regulations and Compliance


PCI DSS - Payment Card Industry Data Security Standard

More than 234 million records containing sensitive information have been breached since January 2005, according to the Privacy Rights Clearinghouse. As a merchant you sit at the center of every payment card transaction, so it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data. Merchant-side vulnerabilities can appear almost anywhere in the card-processing ecosystem: point-of-sale devices; personal computers and servers; wireless hotspots and Web shopping applications; paper-based storage; and unsecured transmission of cardholder data to service providers.


Vulnerabilities also extend to systems operated by service providers and by acquirers, the financial institutions that initiate and maintain the relationships with merchants that accept payment cards (see diagram on page 5). Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to mitigate these vulnerabilities and protect cardholder data.

Risky Behavior
A survey of businesses in the U.S. and Europe reveals activities that put cardholder data at risk. Note that two of the items below, card verification codes and full magnetic stripe data, are sensitive authentication data, which PCI DSS Requirement 3 prohibits storing after authorization even in encrypted form; stored card numbers and expiration dates are permitted only if protected as the standard requires.

  • 81% store payment card numbers
  • 73% store payment card expiration dates
  • 71% store payment card verification codes
  • 57% store customer data from the payment card magnetic stripe
  • 16% store other personal data

PCI DSS applies globally to every entity that stores, processes or transmits cardholder data. PCI DSS and related security standards are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating organizations include merchants, payment card issuing banks, processors, developers and other vendors.

The PCI Data Security Standard

The PCI DSS version 1.2 is the global data security standard adopted by the card brands for all organizations that process, store or transmit cardholder data. It consists of common sense steps that mirror best security practices.

Goals and PCI DSS Requirements

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for employees and contractors
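The survey above shows merchants storing card numbers, verification codes and magnetic stripe data, and Requirement 3 is the one that governs stored cardholder data. The first check a practitioner runs against a merchant's logs, exports and databases is card-data discovery: find digit runs that look like a primary account number (PAN), confirm them with the Luhn check that all major card brands use, and mask anything that must be shown to the first six and last four digits that Requirement 3.3 permits on display. The Python script below is an added example written for this page; it is not code from the original page or from the PCI Security Standards Council. The log lines are constructed, and the two card numbers in them are the widely published Visa and MasterCard test numbers, not real accounts.

```python
import re

# Candidate PANs are 13 to 19 digits, optionally separated by single spaces or
# hyphens, and not embedded in a longer digit run (hence the lookarounds).
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log, resembling what a careless order-processing system
# writes: PAN, expiry and verification code all in cleartext. Line 3 holds a
# 16-digit reference that is NOT a card number and fails the Luhn check.
SAMPLE_LOG = """\
2013-04-02 10:11:05 order=1001 card=4111 1111 1111 1111 exp=04/15 cvv=123
2013-04-02 10:11:09 order=1002 card=5555-5555-5555-4444 exp=11/14
2013-04-02 10:11:12 order=1003 ref=1234567890123456 status=settled
"""


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by the card brands; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display masking per Requirement 3.3: at most first six and last four visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list[tuple[str, str]]:
    """Return (as_written, digits_only) for every Luhn-valid PAN-like run in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append((m.group(), digits))
    return hits


def redact(text: str) -> str:
    """Replace each discovered PAN with its masked form, keeping the rest of the text."""
    for as_written, digits in find_pans(text):
        text = text.replace(as_written, mask_pan(digits))
    return text


if __name__ == "__main__":
    for as_written, digits in find_pans(SAMPLE_LOG):
        print(f"found PAN {mask_pan(digits)} (written as {as_written!r})")
    print(redact(SAMPLE_LOG))
```

Two caveats when running this against real data. The Luhn check only filters noise; about one random 16-digit run in ten passes it, so every hit still needs a human look, and long digit runs with other separators (dots, full-width digits, base64-encoded dumps) are not matched at all. Masking is also a display control only: data at rest must be truncated, hashed, tokenized or strongly encrypted under Requirement 3.4, and the cvv value and any magnetic stripe data in a log like the sample are sensitive authentication data that must be deleted, not masked.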

Copyright 2013 Axcension, Inc. All rights reserved.