PCI Compliance

Becoming PCI compliant is a major step for any business that handles credit cards on a regular basis. The Payment Card Industry (PCI) consists of the five major card brands:

  • Visa
  • MasterCard
  • American Express
  • Discover
  • JCB International

The PCI Data Security Standard (PCI DSS) began as a set of separate, proprietary programs that each card brand ran for storing and securing credit card data.

Merchant confusion over competing and overlapping brand-specific requirements, together with a continuing series of large card data breaches at high-profile organizations, prompted the brands to come together and create a single standard for protecting cardholder data.

In September 2006, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International founded the PCI Security Standards Council (PCI SSC). The requirements overlap substantially with ISO/IEC 17799 (since renumbered ISO/IEC 27002), the internationally recognized code of practice for information security controls.

The main tasks of the council are:

  • Creating, owning and managing PCI DSS for cardholder data
  • Defining a common audit requirement used to certify compliance
  • Overseeing a certification process for security assessors (QSAs) and approved scanning vendors (ASVs)
  • Setting minimum qualification requirements for those assessors and vendors
  • Maintaining and publishing a list of certified assessors and vendors

Under PCI DSS, a business that handles card payments should be able to assure its customers that cardholder data, account information and transaction records are protected from attackers and from any other unauthorized access.


PCI Compliance Basics

PCI DSS groups its twelve requirements into six categories, each a high-level control objective:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data (Focus version 7.8.8 and above does this automatically)

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

A product feature covers only the cardholder data that product itself stores or transmits. Card numbers that end up in application logs, backups, exports or other systems still fall under Requirements 3 and 4 and have to be found and protected separately.
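What "protecting stored cardholder data" looks like in code, as an added example that is not part of the original page and not Focus product code: masking a primary account number (PAN) to the first six and last four digits for display, a keyed HMAC token as one accepted way to render a stored PAN unreadable, and a scrubber that finds Luhn-valid PANs in log lines, which is where cleartext card numbers most often leak and which also matters for the audit logging under Requirement 10. The sample log lines use well-known test card numbers and the HMAC key is a placeholder; both are constructed for this example, and in practice the key comes from a key store.

```python
"""Masking, keyed tokenization and log scrubbing for primary account numbers (PANs)."""
from __future__ import annotations

import hashlib
import hmac
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check. Filters out most digit runs that are not card numbers
    (order IDs, timestamps, session IDs) before we treat them as PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display masking: at most the first six (BIN) and last four digits stay visible."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a PAN-length digit string")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def tokenize_pan(pan: str, key: bytes) -> str:
    """Keyed one-way hash (HMAC-SHA256) of the PAN, usable for matching and
    correlation without storing the PAN. An unkeyed hash is not enough: once the
    BIN is known, the remaining digits are a small keyspace that can be brute-forced."""
    digits = re.sub(r"\D", "", pan)
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


def scrub_log_line(line: str) -> tuple[str, int]:
    """Replace every Luhn-valid PAN candidate in a log line with its masked form.
    Returns (scrubbed_line, number_of_pans_found)."""
    found = 0

    def repl(m: re.Match) -> str:
        nonlocal found
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found += 1
            return mask_pan(digits)
        return m.group(0)       # leave digit runs that fail Luhn untouched

    return PAN_RE.sub(repl, line), found


def scrub_log(lines: list[str]) -> tuple[list[str], int]:
    """Scrub a whole log; the count is how many PANs reached the log in clear."""
    out, total = [], 0
    for line in lines:
        scrubbed, n = scrub_log_line(line)
        out.append(scrubbed)
        total += n
    return out, total


# Constructed sample log lines using public test card numbers, not real cards.
SAMPLE_LOG = [
    "2024-05-01 12:00:01 auth ok card=4111111111111111 amt=19.99",
    "2024-05-01 12:00:02 auth ok card=5500 0000 0000 0004 amt=5.00",
    "2024-05-01 12:00:03 order_id=1234567890123456 status=shipped",
]

if __name__ == "__main__":
    clean, leaks = scrub_log(SAMPLE_LOG)
    print(f"{leaks} PAN(s) found in clear")
    for line in clean:
        print(line)
    # Placeholder key for the example; the same card written two ways tokenizes identically.
    key = b"per-environment secret loaded from a key store"
    print(tokenize_pan("4111 1111 1111 1111", key) == tokenize_pan("4111111111111111", key))
```

The third sample line is a 16-digit order ID that fails the Luhn check and is left alone, which is the difference between a scrubber that is usable on real logs and one that mangles every long number. Masking is for display; if only the masked form is ever written to disk, that is truncation, which is the simplest way to take a data store out of scope for Requirement 3.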

 

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access (Focus does this; the IDs must still not be shared, since the point of the requirement is that every action on cardholder data is traceable to one person)
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security