PCI DSS COMPLIANCE

PCI DSS - Payment Card Industry Data Security Standard

Protecting Cardholder Data with PCI Security Standards

 

More than 234 million records with sensitive information have been breached since January 2005, according to Privacy Rights Clearinghouse.org. As a merchant, you are at the center of payment card transactions, so it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data. Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem, including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; paper-based storage systems; and unsecured transmission of cardholder data to service providers.

 

Vulnerabilities may even extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards (see diagram on page 5). Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate these vulnerabilities and protect cardholder data.

Risky Behavior
A survey of businesses in the U.S. and Europe reveals activities that may put cardholder data at risk.

  • 81% store payment card numbers
  • 73% store payment card expiration dates
  • 71% store payment card verification codes
  • 57% store customer data from the payment card magnetic stripe
  • 16% store other personal data

PCI DSS follows common sense steps that mirror best security practices. The DSS globally applies to all entities that store, process or transmit cardholder data. PCI DSS and related security standards are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating organizations include merchants, payment card issuing banks, processors, developers and other vendors.

The PCI Data Security Standard

The PCI DSS version 1.2 is the global data security standard adopted by the card brands for all organizations that process, store or transmit cardholder data. It consists of common sense steps that mirror best security practices.

Goals and PCI DSS Requirements

Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy
  12. Maintain a policy that addresses information security for employees and contractors

 
