• American Express
• JCB International
The PCI Data Security Standard (PCI DSS) really began with each credit card issuer establishing their own proprietary programs to store and secure credit card data.
Merchant concerns and confusion concerning rival and intersecting card brand-specific requirements, along with the continuation of massive credit card data breaches at many high profile organizations, prompted the card issuers to come together to create a single standard for protecting credit card data.
In June 2005, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International founded the PCI Security Council. These requirements are based on ISO 17799-the internationally recognized standard for information security practices.
The main tasks of the council are:
• Creating, owning and managing PCI DSS for credit card data
• Classifying a common audit requirement to certify compliance
• Overseeing a certification process for security assessors and network scanning vendors
• Instituting minimum qualification requirements
• Retaining and publishing a list of certified assessors and vendors
Under the PCI DSS, a business or organization should be able to assure their customers that its credit card data/account information and transaction information is safe from hackers or any malicious system intrusion.
PCI Compliance Basics
There are six categories of PCI compliance security standards.
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data * Focus Version 7.4 Build 10.11.11 and Above Do this Automatically
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access *Focus does this*
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Further information regarding PCI Compliance can be found at http://www.pcisecuritystandards.org