PCI Compliance

About PCI Compliance

Becoming PCI Compliant is a major step when dealing with credit cards on a regular basis. The Payment Card Industry (PCI) consists of the five major credit card brands:
• Visa
• MasterCard
• American Express
• DiscoverCard
• JCB International

Overview

The PCI Data Security Standard (PCI DSS) began with each credit card issuer establishing its own proprietary program to store and secure credit card data.

Merchant concern and confusion over competing and overlapping card brand-specific requirements, along with continuing massive credit card data breaches at many high-profile organizations, prompted the card issuers to come together to create a single standard for protecting credit card data.

In June 2005, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International founded the PCI Security Council. The PCI DSS requirements are based on ISO 17799, the internationally recognized standard for information security practices.

The main tasks of the council are:
• Creating, owning and managing PCI DSS for credit card data
• Classifying a common audit requirement to certify compliance
• Overseeing a certification process for security assessors and network scanning vendors
• Instituting minimum qualification requirements
• Retaining and publishing a list of certified assessors and vendors

Under the PCI DSS, a business or organization should be able to assure its customers that their credit card data/account information and transaction information are safe from hackers or any malicious system intrusion.

PCI Compliance Basics

There are six categories of PCI compliance security standards.

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data *Focus Version 7.4 Build 10.11.11 and above do this automatically*

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access *Focus does this*
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

Further information regarding PCI Compliance can be found at http://www.pcisecuritystandards.org

 