Payment card industry data security standard

Posted on November 7, 2006

The Payment Card Industry Data Security Standard (PCI DSS) is now a group effort by the world's leading financial companies, such as American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

Its primary focus is to safeguard customer card information, protecting cardholders from fraud and misuse of their cards. This effort led to a standard with which many organizations are required to comply. To achieve compliance, these organizations need to implement the PCI DSS, which defines 12 requirements (safeguards):

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

Compliance with all 12 requirements, as laid out by the PCI Security Standards Council, is required of all applicable organizations. The requirements apply to all members, merchants, and service providers that store, process, or transmit cardholder data.

The complete standard can be downloaded from the following URL:

https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm

 


» Filed Under Security Standards

Comments

2 Responses to “Payment card industry data security standard”

  1. Datasecurity on November 8th, 2006 1:06 pm

    If you would like more information about implementing the PCI DSS and the intent of the requirements, check out our blog:

    http://datasecurity.wordpress.com/

  2. Jakob on July 22nd, 2007 10:13 pm

    This is exactly what I expected to find out after reading the title nt card industry data security standard : Real Information Security. Thanks for informative article
