Monday, December 14, 2009

Accept Credit Cards For Small Business - PCI Compliance

Very soon, all merchants will be required to achieve PCI compliance. Payment Card Industry (PCI) compliance means that a merchant has complied with the PCI Data Security Standard (DSS). These standards were developed by the major card brands, including Visa, MasterCard, American Express and Discover, among others, to strengthen and define common data security measures. They are intended to prevent computer hacking, credit card fraud and many other information security threats. Merchants of all types and sizes will have to become PCI compliant or risk losing their ability to process credit card payments.

Prior to the establishment of the joint PCI DSS compliance program, each of the major credit card companies had its own program. JCB, Discover, Visa, MasterCard and American Express each ran similar data security programs. Their security measures for cardholder data that is stored, processed and transmitted gave merchants and their customers a higher degree of assurance. The major card companies formed the Payment Card Industry Security Standards Council (PCI SSC) in 2004 and developed the Payment Card Industry Data Security Standard (PCI DSS).

The standard has been revised since its introduction as a result of the ever-changing credit card industry. Technology is constantly improving, and those who commit fraud with it constantly improve their techniques as well, so the card industry must keep pace with them. The PCI standard was updated to version 1.1 in September 2006, and version 1.2 was released in October 2008 with planned changes and clarifications to the original version 1.0. PABP and PA-DSS are derived from the PCI DSS. The PCI SSC has also published additional supplementary information, including: Requirement 11.3 Penetration Testing, Requirement 6.6 Code Reviews and Application Firewalls Clarified, and Navigating the PCI SSC: Understanding the Intent of the Requirements. These additional documents clarify various requirements.

Top credit card processing companies offer their merchants support in achieving and maintaining compliance. At regular intervals, a merchant's compliance is checked by companies that are PCI DSS Qualified Security Assessors (QSAs). Both credit card processing companies and merchants must be assessed regularly, and their compliance can only be determined by a Qualified Security Assessor endorsed by the PCI Council. Smaller merchants, those that handle fewer than 80,000 transactions per year, may instead complete a Self-Assessment Questionnaire to validate their compliance.

PCI compliance is achieved when all security requirements are met. The twelve requirements are organized into six groups. These six groups, the "control objectives", arrange the necessary steps logically.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data

Requirement 4: Encrypt transmission of cardholder data through open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software

Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know

Requirement 8: Assign a unique ID for each person with computer access

Requirement 9: Restrict physical access to cardholder data

Regularly monitor and test networks

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security
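As an added example (not part of the original post), the following Python check illustrates what Requirement 3, "protect stored cardholder data", means in practice: it scans constructed sample log lines for primary account numbers (PANs) stored in the clear, uses the Luhn checksum to drop digit strings that merely look like card numbers, and masks the hits to the first six and last four digits, the most PCI DSS allows to be displayed. The log lines are constructed and the card numbers are well-known test PANs, not real cards.

```python
import re
from typing import Optional

# Constructed sample (not from the post): lines a merchant might find in a
# POS application log. The card numbers are well-known test PANs.
SAMPLE_LOG = """\
2009-12-14 10:02:11 sale ok amount=19.99 pan=4111111111111111 exp=12/11
2009-12-14 10:05:42 sale ok amount=42.00 pan=411111******1111
2009-12-14 10:07:03 order ref=1234567890123 status=shipped
2009-12-14 10:09:55 sale declined pan=5555-5555-5555-4444
"""

# 13 to 19 digits, optionally separated by single spaces or dashes.
_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out order numbers and timestamps that have
    the right length but are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS lets you
    display (Requirement 3.3); everything in between becomes '*'."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _pan_or_none(match: "re.Match") -> Optional[str]:
    """Normalise a regex hit and return it only if it is a plausible PAN."""
    digits = re.sub(r"[ -]", "", match.group(0))
    return digits if 13 <= len(digits) <= 19 and luhn_ok(digits) else None


def find_unmasked_pans(text: str) -> list:
    """Return every PAN that appears in the clear in text."""
    hits = (_pan_or_none(m) for m in _CANDIDATE.finditer(text))
    return [pan for pan in hits if pan is not None]


def redact(text: str) -> str:
    """Rewrite text with every unmasked PAN replaced by its masked form."""
    def _sub(m):
        pan = _pan_or_none(m)
        return mask_pan(pan) if pan else m.group(0)
    return _CANDIDATE.sub(_sub, text)
```

Run `find_unmasked_pans(SAMPLE_LOG)` to list the offending entries (the already-masked PAN and the order reference are ignored) and `redact(SAMPLE_LOG)` to produce a log that may be retained.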

In recognition of the fact that wireless LANs and public networks are exposed to security breaches, PCI DSS provides two security controls to prevent breaches involving credit card data on wireless networks in all areas:

• Firewall segmentation between wireless networks and point-of-sale networks or any network that comes in contact with credit card information.

• Use of wireless analyzers (also known as a Wireless Intrusion Detection System) to detect unauthorized wireless devices and attacks.

The Payment Card Industry Security Standards Council summarizes PCI DSS best practices as follows:

1. Develop a policy for communications between internal and external systems. Use an automated solution to enforce consistent configurations.

2. Implement a coherent strategy for end-to-end encryption of all of your ERP communication, including integrated third-party solutions.

3. Implement a continuous, automated vulnerability management system for your ERP configuration.

4. Develop strong authentication for access to cardholder information on a need-to-know basis. Strong authentication could be provided through single sign-on.

5. Create multi-factor authentication for administrative access and for access to cardholder information, for example a smart card along with a username and password.

6. Implement a control process so that auditing is always enabled.

7. Make sure you also have a formal review of your control procedures for data risk management, which also helps to keep IT audit costs down.

PCI DSS compliance applies to all merchants and service providers who accept or process credit cards. A single breach of one of the twelve main PCI DSS requirements can result in non-compliant status. Non-compliance incidents can, and most likely will, lead to fines, suspension and loss of credit card processing privileges. For many small business owners, accepting credit cards is the difference between success and utter failure. In today's society a merchant needs to accept credit cards, not just cash, to remain competitive.
