Saturday, December 8, 2012

PCI DSS: Becoming Compliant


The PCI Security Standards Council, otherwise known as the PCI SSC, is responsible for creating standards and supporting material to enhance payment card data security for organizations. It has created the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for organizations that handle any kind of cardholder information for any of the major credit card companies.

The PCI DSS is now a worldwide security standard whose purpose, as explained by the PCI SSC, is to "help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats". Therefore all organizations that store, process or transmit payment card data must be PCI DSS compliant.

What Is Required To Comply With PCI Standards?

The PCI standard for merchants and payment card processors consists of 12 requirements that specify the framework for a secure payment environment. The essence as described by the PCI Security Standards Council can be viewed in three steps:

1. Assess - To begin with, identify all the risks that may pose a threat to the cardholder data being transmitted, processed or stored by the business. Having sight of the route the information takes from beginning to end is also a vital aspect to consider.

2. Remediate - This stage is focused on fixing vulnerabilities. It includes scanning the network with software tools to find vulnerabilities, then classifying and ranking each one, prioritising from most serious to least serious. Fixes or workarounds are then chosen that are best suited to cover all the vulnerabilities that were found.

3. Report - Reports are produced regularly to maintain PCI compliance. This is done by submitting a quarterly scan report, which is completed by a PCI SSC Approved Scanning Vendor (ASV).
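
The three steps above are easier to see on concrete data. The following is an added example written for this post, not code from the PCI SSC or from any scanner: it models an assess step (which hosts lie on the cardholder data flow and are therefore in scope), a remediate step (ranking scanner findings, with in-scope hosts first and then by severity) and a report step (a per-quarter severity summary). The host names, the findings, the CVSS-style scores and the severity thresholds are all constructed for illustration.

```python
"""Added example: a toy model of the PCI DSS assess / remediate / report
cycle over constructed, hypothetical data. Not PCI SSC or scanner code."""
from dataclasses import dataclass


# Step 1 (Assess): the path cardholder data takes from capture to storage.
# Every host on that path stores, processes or transmits card data and is
# therefore in scope. Names are constructed.
CARD_DATA_FLOW = ["web-checkout", "payment-api", "card-db"]
ALL_HOSTS = CARD_DATA_FLOW + ["marketing-blog", "hr-intranet"]


def in_scope_hosts(flow, hosts):
    """Return the hosts that sit on the cardholder data flow."""
    flow_set = set(flow)
    return [h for h in hosts if h in flow_set]


@dataclass
class Finding:
    host: str
    title: str
    cvss: float  # constructed CVSS-style base score, 0.0 to 10.0


# Constructed scanner output for the example.
FINDINGS = [
    Finding("marketing-blog", "Outdated CMS plugin", 7.5),
    Finding("card-db", "Weak TLS configuration", 5.3),
    Finding("payment-api", "Remote code execution in web framework", 9.8),
    Finding("hr-intranet", "Default credentials", 9.0),
    Finding("web-checkout", "Missing security headers", 4.3),
]


def classify(cvss):
    """Severity band used for ranking (constructed thresholds)."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def prioritise(findings, scope):
    """Step 2 (Remediate): order findings from most to least serious.

    In-scope hosts come first, then higher scores, so a medium finding on
    the card database outranks a high finding on an out-of-scope blog.
    """
    scope_set = set(scope)
    return sorted(findings, key=lambda f: (f.host not in scope_set, -f.cvss))


def quarterly_summary(findings, scope):
    """Step 3 (Report): count in-scope findings per severity band."""
    scope_set = set(scope)
    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
    for f in findings:
        if f.host in scope_set:
            counts[classify(f.cvss)] += 1
    return counts


def scan_passes(findings, scope, threshold=4.0):
    """A scan passes only if no in-scope host carries a finding at or above
    the threshold (constructed pass criterion for this example)."""
    scope_set = set(scope)
    return all(f.cvss < threshold for f in findings if f.host in scope_set)


if __name__ == "__main__":
    scope = in_scope_hosts(CARD_DATA_FLOW, ALL_HOSTS)
    print("In scope:", scope)
    for f in prioritise(FINDINGS, scope):
        print(f"{classify(f.cvss):8} {f.cvss:4} {f.host:15} {f.title}")
    print("Quarterly summary:", quarterly_summary(FINDINGS, scope))
    print("Scan passes:", scan_passes(FINDINGS, scope))
```

Run as a script it prints the ranked list followed by the summary; the point of the ordering is that scope decides before score does, which is why the remote code execution on the payment API leads the list and the default credentials on the HR intranet, despite their high score, sit below every in-scope finding.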

There is also the option of completing a self-assessment questionnaire (SAQ), available to merchants for whom an on-site PCI DSS assessment is not required.

Why Comply With PCI Security Standards?

If you are new to the online world or just recently started selling products online then these standards will be of high importance for many reasons:

Being compliant helps keep your systems secure and gives customers confidence when making purchases online, particularly in an age where fraud is high and consumers are wary. Making your site secure to protect against future attack helps prevent breaches and theft of personal consumer data that could damage the organization's or brand's name. It makes you part of the solution against payment card data breaches. It also creates the opportunity to improve the efficiency of the IT infrastructure and helps establish a corporate security strategy.

Who Should Meet with PCI Security Standards?

The PCI DSS applies to all entities that store, process or transmit cardholder data. PCI DSS compliance also applies to the overall environment, including any third parties that may store, process or transmit cardholder data. Third-party vendors can range from software vendors, web hosting vendors and payment service providers to till and EPOS vendors, to name a few.

Other measures are also being developed to help keep consumers' card information safe, such as advances in ATM software and companies offering a full range of services covering PCI DSS testing, to keep consumer data safe and prevent future attacks.
