Achieve PCI DSS Compliance Easily and Effortlessly

Any organization, irrespective of whether it is big or small, commercial or nonprofit, is required to comply with the Payment Card Industry Data Security Standard (PCI DSS) if it in any way stores, processes or transmits payment cardholder data. PCI DSS has taken on greater importance today as more and more people consider carrying plastic money safer and more secure than paper money, so the number of people owning credit cards, debit cards and ATM cards has increased substantially. However, payment cards have their own share of pros and cons: on one hand, cards are a safe and convenient way to manage money; on the other hand, they are the easiest way for scammers to get hold of personal information. The exponential growth in credit card fraud is what forced the five major card brands, namely Visa, American Express, MasterCard, JCB and Discover Card, to bring their separate security policies and procedures together under one program called PCI DSS.
PCI DSS consists of 6 control objectives and 12 requirements, namely:

1. Build and Maintain a Secure Network
   1. Install and maintain a firewall configuration to protect cardholder data
   2. Do not use vendor-supplied defaults for system passwords and other security
2. Protect Cardholder Data
   1. Protect stored cardholder data
   2. Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Program
   1. Use and regularly update anti-virus software
   2. Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures
   1. Restrict access to cardholder data by business need-to-know
   2. Assign a unique ID to each person with computer access
   3. Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
   1. Track and monitor all access to network resources and cardholder data
   2. Regularly test security systems and processes
6. Maintain an Information Security Policy
   1. Maintain a policy that addresses information security

Although PCI DSS compliance looks easy, it is quite challenging, because organizations must deal with two main issues. First, they need to implement all 6 control objectives; second, they need to audit the status of those controls on a regular basis to ensure continuous compliance and ongoing protection of cardholder information. Companies and organizations can achieve PCI compliance more easily with the help of service providers who not only enforce policies consistent with the regulatory requirements but also generate compliance reports on demand.
Published on Apr 26, 2012