None of us are experts at compliance laws; we just comply with what we're asked to. Ecommerce vendors and customers need to ensure PCI compliance. This article provides an overview of what PCI compliance is and how merchants can achieve it.
Overview
If you're in the business of selling online and accept credit, debit, prepaid, ATM, e-purse or POS cards as a payment method, you need to understand PCI and comply with PCI DSS. So what exactly is PCI? PCI is short for Payment Card Industry, and DSS for the Data Security Standard that regulates the way card payments are processed to ensure the security of customers' card information during a transaction. Every merchant who accepts credit cards needs to be PCI compliant, irrespective of the size of their business or the industry they are in.
Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for businesses that handle, store, and process credit card data. The standard is defined by the PCI SSC (Payment Card Industry Security Standards Council), which includes MasterCard, Visa International, American Express, JCB and others. It has 12 core requirements aimed at protecting cardholder data and maintaining a secure network with strong access control measures. Those who don't comply with these standards run the risk of a data security breach, fines as high as $500,000 per incident, being barred from accepting credit cards, and customer lawsuits, apart from damage to the company's reputation and brand value.
The 12 core requirements for PCI compliance for merchants are:
- Build and maintain a secure network
1. Install and maintain a firewall configuration to protect cardholder data
2. Abstain from using vendor-supplied defaults for system passwords and other security parameters
- Protect cardholder data
1. Protect stored cardholder data
2. Encrypt transmission of cardholder data across open, public networks
- Maintain a vulnerability management program
1. Use and regularly update antivirus software or programs
2. Develop and maintain secure systems and applications
- Implement strong access control measures
1. Restrict access to cardholder data by business need to know
2. Assign a unique ID to each person with computer access
3. Restrict physical access to cardholder data
- Regularly monitor and test networks
1. Track and monitor all access to network resources and cardholder data
2. Regularly test security systems and processes
- Maintain an information security policy
1. Maintain a policy that addresses information security for all personnel