Needless to say, credit cards have become prevalent in the financial world, and as their popularity increases, so too do the potential security risks. The PCI DSS (Payment Card Industry Data Security Standard) applies to all payment channels, be they retail, mail/telephone, or the web. The standard is supported by the major credit card brands (VISA, MasterCard, American Express, JCB International and Discover) under the PCI Security Standards Council.
Creation and management of security standards is separated from enforcement.
It is one unified security standard supported by all five brands, with the goal of securing cardholder data and reducing identity theft and credit card fraud in order to “build a culture of security”.
The Twelve Basic Requirements include:

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
If you're unsure about how to comply with PCI DSS or want to build a strong culture of security, contact Brainlink.
We help clients increase revenues and profits by being PCI compliant.