SlideShare a Scribd company logo

Ensuring PCI DSS Compliance – Part 1

Aegify Inc.
Aegify Inc.

PCI DSS, which stands for Payment Card Industry Data Security Standard, is a proprietary information security standard for organizations, developed by the Payment Card Industry Security Standards Council.

Technology
1 of 2
Download to read offline
Ensuring PCI DSS Compliance – Part 1 This is a two-part article that looks at PCI DSS and the means of achieving compliance through an effective PCI compliance management solution. PCI DSS, which stands for Payment Card Industry Data Security Standard, is a proprietary information security standard for organizations, developed by the Payment Card Industry Security Standards Council. In view of the rampant rise in credit card frauds, this standard puts forward certain requirements, which the organizations that handle cardholder information must comply with at any cost. PCI DSS compliance is necessary for major debit, credit, prepaid, e-purse, ATM, and POS cards.Given below are the 6 control objectives and the 12 PCI DSS requirements. Build and Maintain a Secure Network Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software on all systems commonly affected by malware Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to cardholder data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain an Information Security Policy Maintain a policy that addresses information security The validation of PCI DSS compliance is done annually. In the case of organizations that handle large volumes of transactions, an external Qualified Security Assessor (QSA)creates a Report on Compliance (ROC). On the other hand, companies that handle smaller volumes have to complete the Self-Assessment Questionnaire (SAQ). However, in reality, though most of the companies are achieving PCI DSS compliance, many are showing laxity when it comes to PCI DSS compliance. Here is a look at some of the negligence on the part of the merchants and business owners. Encryption is often inconsistent across a company's computer system. Credit card data may be protected in some instances, but not others. Some companies unnecessarily store credit card data and, making matters worse, fail to isolate the data from travelling across less secure parts of the network. Some IT shops fail to keep a log of network activity, making it nearly impossible to spot instances where malicious hackers or anyone without authorization are trying to access credit card data. Some companies do not conduct regular scans for software vulnerabilities and abnormal activity.
Companies that thought they were all set after complying with such regulations as the Sarbanes-Oxley Act and HIPAA/HITECH compliance discovered their controls were not adequate to meet the PCI DSS. In the second and concluding part of this article, we will look at the best means of ensuring PCI DSS compliance. Read more on - Vendor Management, IT Compliance, Security Posture Management

Recommended

Líder Treinador #27
Líder Treinador #27Líder Treinador #27
Líder Treinador #27Líder Treinador
 
Martin koch
Martin kochMartin koch
Martin kochinnovation_workshop2013
 
Contents Page Analysis
Contents Page AnalysisContents Page Analysis
Contents Page Analysisthiswaynorthproductions
 
Futurodeloscomplementosdelujo
FuturodeloscomplementosdelujoFuturodeloscomplementosdelujo
FuturodeloscomplementosdelujoMontse Aparicio Rosique
 
Music video plan
Music video planMusic video plan
Music video planDannyclayton93
 
Fao consultant
Fao consultantFao consultant
Fao consultantKioWachira
 
Paper Moon Introduction
Paper Moon Introduction Paper Moon Introduction
Paper Moon Introduction Merce Vidiella
 
Harga sepatu maika
Harga sepatu maikaHarga sepatu maika
Harga sepatu maikawujaya miha
 

Recommended

Líder Treinador #27
Líder Treinador #27Líder Treinador #27
Líder Treinador #27Líder Treinador
 
Martin koch
Martin kochMartin koch
Martin kochinnovation_workshop2013
 
Contents Page Analysis
Contents Page AnalysisContents Page Analysis
Contents Page Analysisthiswaynorthproductions
 
Futurodeloscomplementosdelujo
FuturodeloscomplementosdelujoFuturodeloscomplementosdelujo
FuturodeloscomplementosdelujoMontse Aparicio Rosique
 
Music video plan
Music video planMusic video plan
Music video planDannyclayton93
 
Fao consultant
Fao consultantFao consultant
Fao consultantKioWachira
 
Paper Moon Introduction
Paper Moon Introduction Paper Moon Introduction
Paper Moon Introduction Merce Vidiella
 
Harga sepatu maika
Harga sepatu maikaHarga sepatu maika
Harga sepatu maikawujaya miha
 
Harga tas laptop maika etnik
Harga tas laptop maika etnikHarga tas laptop maika etnik
Harga tas laptop maika etnikwujaya miha
 
Business center dubai
Business center dubaiBusiness center dubai
Business center dubaidaralmazayadxb
 
Jens kristian damsgaard
Jens kristian damsgaardJens kristian damsgaard
Jens kristian damsgaardinnovation_workshop2013
 
Harga dompet maika
Harga dompet maikaHarga dompet maika
Harga dompet maikaDawang Sirita
 
Alan warde
Alan wardeAlan warde
Alan wardekubrasivisoglu
 
Harga smallcase maika etnik
Harga smallcase maika etnikHarga smallcase maika etnik
Harga smallcase maika etnikwujaya miha
 
20151221 Khoo's CV
20151221 Khoo's CV20151221 Khoo's CV
20151221 Khoo's CVJacky Khoo
 
Web 2.0
Web 2.0Web 2.0
Web 2.0viqui-fran
 
Harga tas etnik maika 2016
Harga tas etnik maika 2016Harga tas etnik maika 2016
Harga tas etnik maika 2016wujaya miha
 
Web 2.0 2013
Web 2.0 2013Web 2.0 2013
Web 2.0 2013tecno2013ayt
 
Introduction
Introduction Introduction
Introduction Alexander Zwiers
 
Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityAegify Inc.
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedAegify Inc.
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityAegify Inc.
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyAegify Inc.
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non complianceAegify Inc.
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAegify Inc.
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChannelAegify Inc.
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 

More Related Content

Viewers also liked

Harga tas laptop maika etnik
Harga tas laptop maika etnikHarga tas laptop maika etnik
Harga tas laptop maika etnikwujaya miha
 
Harga smallcase maika etnik
Harga smallcase maika etnikHarga smallcase maika etnik
Harga smallcase maika etnikwujaya miha
 
20151221 Khoo's CV
20151221 Khoo's CV20151221 Khoo's CV
20151221 Khoo's CVJacky Khoo
 
Harga tas etnik maika 2016
Harga tas etnik maika 2016Harga tas etnik maika 2016
Harga tas etnik maika 2016wujaya miha
 

Viewers also liked (11)

Harga tas laptop maika etnik
Harga tas laptop maika etnikHarga tas laptop maika etnik
Harga tas laptop maika etnik
 
Business center dubai
Business center dubaiBusiness center dubai
Business center dubai
 
Jens kristian damsgaard
Jens kristian damsgaardJens kristian damsgaard
Jens kristian damsgaard
 
Harga dompet maika
Harga dompet maikaHarga dompet maika
Harga dompet maika
 
Alan warde
Alan wardeAlan warde
Alan warde
 
Harga smallcase maika etnik
Harga smallcase maika etnikHarga smallcase maika etnik
Harga smallcase maika etnik
 
20151221 Khoo's CV
20151221 Khoo's CV20151221 Khoo's CV
20151221 Khoo's CV
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Harga tas etnik maika 2016
Harga tas etnik maika 2016Harga tas etnik maika 2016
Harga tas etnik maika 2016
 
Web 2.0 2013
Web 2.0 2013Web 2.0 2013
Web 2.0 2013
 
Introduction
Introduction Introduction
Introduction
 

More from Aegify Inc.

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityAegify Inc.
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedAegify Inc.
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityAegify Inc.
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyAegify Inc.
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non complianceAegify Inc.
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAegify Inc.
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChannelAegify Inc.
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHAegify Inc.
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryAegify Inc.
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsAegify Inc.
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaasAegify Inc.
 
NetWitness Decoder
NetWitness DecoderNetWitness Decoder
NetWitness DecoderAegify Inc.
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCAegify Inc.
 

More from Aegify Inc. (17)

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support Cybersecurity
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus Demystified
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks security
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the Cloud
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non compliance
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and Buts
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security Solutions
 
SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECH
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industry
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance Solutions
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaas
 
NetWitness Decoder
NetWitness DecoderNetWitness Decoder
NetWitness Decoder
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Ensuring PCI DSS Compliance – Part 1

  • 1. Ensuring PCI DSS Compliance – Part 1 This is a two-part article that looks at PCI DSS and the means of achieving compliance through an effective PCI compliance management solution. PCI DSS, which stands for Payment Card Industry Data Security Standard, is a proprietary information security standard for organizations, developed by the Payment Card Industry Security Standards Council. In view of the rampant rise in credit card frauds, this standard puts forward certain requirements, which the organizations that handle cardholder information must comply with at any cost. PCI DSS compliance is necessary for major debit, credit, prepaid, e-purse, ATM, and POS cards.Given below are the 6 control objectives and the 12 PCI DSS requirements. Build and Maintain a Secure Network Install and maintain a firewall configuration to protect cardholder data Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data Protect stored cardholder data Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program Use and regularly update anti-virus software on all systems commonly affected by malware Develop and maintain secure systems and applications Implement Strong Access Control Measures Restrict access to cardholder data by business need-to-know Assign a unique ID to each person with computer access Restrict physical access to cardholder data Regularly Monitor and Test Networks Track and monitor all access to network resources and cardholder data Regularly test security systems and processes Maintain an Information Security Policy Maintain a policy that addresses information security The validation of PCI DSS compliance is done annually. In the case of organizations that handle large volumes of transactions, an external Qualified Security Assessor (QSA)creates a Report on Compliance (ROC). On the other hand, companies that handle smaller volumes have to complete the Self-Assessment Questionnaire (SAQ). However, in reality, though most of the companies are achieving PCI DSS compliance, many are showing laxity when it comes to PCI DSS compliance. Here is a look at some of the negligence on the part of the merchants and business owners. Encryption is often inconsistent across a company's computer system. Credit card data may be protected in some instances, but not others. Some companies unnecessarily store credit card data and, making matters worse, fail to isolate the data from travelling across less secure parts of the network. Some IT shops fail to keep a log of network activity, making it nearly impossible to spot instances where malicious hackers or anyone without authorization are trying to access credit card data. Some companies do not conduct regular scans for software vulnerabilities and abnormal activity.
  • 2. Companies that thought they were all set after complying with such regulations as the Sarbanes-Oxley Act and HIPAA/HITECH compliance discovered their controls were not adequate to meet the PCI DSS. In the second and concluding part of this article, we will look at the best means of ensuring PCI DSS compliance. Read more on - Vendor Management, IT Compliance, Security Posture Management