Ensuring PCI DSS Compliance – Part 1
Ensuring PCI DSS Compliance – Part 1

PCI DSS, which stands for Payment Card Industry Data Security Standard, is a proprietary information security standard for organizations, developed by the Payment Card Industry Security Standards Council.

Published in: Technology
Transcript

  • 1. Ensuring PCI DSS Compliance – Part 1

    This is a two-part article that looks at PCI DSS and the means of achieving compliance through an effective PCI compliance management solution.

    PCI DSS, which stands for Payment Card Industry Data Security Standard, is a proprietary information security standard for organizations, developed by the Payment Card Industry Security Standards Council. In view of the rampant rise in credit card fraud, this standard puts forward certain requirements with which organizations that handle cardholder information must comply at any cost. PCI DSS compliance is necessary for major debit, credit, prepaid, e-purse, ATM, and POS cards.

    Given below are the 6 control objectives and the 12 PCI DSS requirements.

    Build and Maintain a Secure Network
      • Install and maintain a firewall configuration to protect cardholder data
      • Do not use vendor-supplied defaults for system passwords and other security parameters

    Protect Cardholder Data
      • Protect stored cardholder data
      • Encrypt transmission of cardholder data across open, public networks

    Maintain a Vulnerability Management Program
      • Use and regularly update anti-virus software on all systems commonly affected by malware
      • Develop and maintain secure systems and applications

    Implement Strong Access Control Measures
      • Restrict access to cardholder data by business need-to-know
      • Assign a unique ID to each person with computer access
      • Restrict physical access to cardholder data

    Regularly Monitor and Test Networks
      • Track and monitor all access to network resources and cardholder data
      • Regularly test security systems and processes

    Maintain an Information Security Policy
      • Maintain a policy that addresses information security

    The validation of PCI DSS compliance is done annually. In the case of organizations that handle large volumes of transactions, an external Qualified Security Assessor (QSA) creates a Report on Compliance (ROC). On the other hand, companies that handle smaller volumes have to complete the Self-Assessment Questionnaire (SAQ).

    However, in reality, though most companies are achieving PCI DSS compliance, many are showing laxity when it comes to PCI DSS compliance. Here is a look at some of the negligence on the part of merchants and business owners:

      • Encryption is often inconsistent across a company's computer systems. Credit card data may be protected in some instances, but not in others.
      • Some companies unnecessarily store credit card data and, making matters worse, fail to isolate that data from travelling across less secure parts of the network.
      • Some IT shops fail to keep a log of network activity, making it nearly impossible to spot instances where malicious hackers, or anyone without authorization, are trying to access credit card data.
      • Some companies do not conduct regular scans for software vulnerabilities and abnormal activity.
  • 2. Companies that thought they were all set after complying with regulations such as the Sarbanes-Oxley Act and HIPAA/HITECH discovered that their controls were not adequate to meet the PCI DSS.

    In the second and concluding part of this article, we will look at the best means of ensuring PCI DSS compliance.

    Read more on: Vendor Management, IT Compliance, Security Posture Management
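Two of the lapses listed in Part 1 (unnecessarily stored card data, and logs that are either missing or never reviewed) are things a defender can check for mechanically. The script below is an added example and is not part of the article or of any PCI tooling the article refers to; it scans text such as application logs for unmasked primary account numbers (PANs), confirming each candidate with the Luhn check so that ordinary 16-digit identifiers are not flagged, and produces a redacted copy that keeps only the last four digits (a stricter truncation than the first-six/last-four maximum PCI DSS permits for display). The log lines are constructed for the example; the function and variable names are the author's own choices.

```python
import re

# Constructed sample log (not from the article): one line leaks a full Visa test
# number, one already-masked PAN, one 16-digit trace id that is not a card
# number (fails Luhn), and one leaked Mastercard test number written with spaces.
SAMPLE_LOG = """\
2024-01-05 10:12:01 INFO  checkout ok order=1001 card=4111111111111111
2024-01-05 10:12:03 INFO  checkout ok order=1002 card=****-****-****-4242
2024-01-05 10:12:07 DEBUG trace id=1234567890123456 status=queued
2024-01-05 10:12:09 WARN  retry order=1003 card=5555 5555 5555 4444
"""

# A PAN is 13 to 19 digits, optionally separated by single spaces or hyphens.
# The lookarounds stop the pattern from matching the middle of a longer number.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _is_pan(digits: str) -> bool:
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def find_pans(text: str):
    """Return (line_number, digits) for every Luhn-valid PAN found in the text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if _is_pan(digits):
                hits.append((line_no, digits))
    return hits


def mask_pan(digits: str) -> str:
    """Keep only the last four digits; everything else becomes '*'."""
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text: str) -> str:
    """Return a copy of the text with every Luhn-valid PAN masked in place."""
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if _is_pan(digits) else m.group(0)
    return CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    for line_no, digits in find_pans(SAMPLE_LOG):
        print(f"line {line_no}: unmasked PAN ending in {digits[-4:]}")
    print(redact(SAMPLE_LOG))
```

Run against real logs, the `find_pans` output is the evidence that card data is being written where it should not be (a Requirement 3 problem), and `redact` is the kind of transformation a log pipeline should apply before anything is stored or shipped to a central logging system. The Luhn filter matters in practice: without it, timestamps, order ids and trace ids in the same lines produce a stream of false positives that gets the check switched off.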
