Implementing The Payment Card Industry Data Security Standard
In order to protect the integrity of card-not-present transactions, such as online commerce, the five major credit card companies came together and created the Payment Card Industry Data Security Standard. As more and more stories about security breaches reach the public awareness, consumer confidence in electronic transactions is in danger of falling off significantly.
The Payment Card Industry Data Security Standard (or PCI DSS) was designed to offer guidance and incentives for implementing a standardized set of security measures.
So where do you start? There are twelve requirements in the Payment Card Industry Data Security Standard, so you might as well start at the beginning.
Requirement number one mandates that you install and maintain a firewall configuration to protect cardholder data. This allows you to control the traffic that has access to the sensitive areas of your site.
The second requirement states that you must not use vendor-supplied defaults for system passwords and other security parameters. These default passwords are often well known in the hacker community, and they are the first thing attackers try when attacking your system.
The third has a somewhat broader scope, in that it simply requires you to protect cardholder data. That could mean anything, but in this case it includes the necessity of restricting physical as well as digital access to data. It also specifies exactly what information you cannot store at all.
Requirement four deals with encrypting transmission of cardholder data across open, public networks. Sometimes a hacker will bypass trying to break into systems and simply try to intercept sensitive information en route. It's very important to make that information unreadable, so they can't do anything with the information they might catch.
The fifth requirement deals with other, non-human threats. You are required to use and regularly update anti-virus software to guard your system against the various malicious programs that can infect your system. These programs can get into your system through any number of methods, and it's important to guard yourself against them.
Developing and maintaining secure applications is the sixth requirement. Your programs and applications need to be up to date with current security measures. As you use certain programs, security holes are often discovered, and you must fix them or patch them as necessary.
Number seven requires you to limit access to sensitive information to people who need to know for the purposes of their job. For some people it is absolutely necessary to have access to this information, but they are the only people who should ever see it.
Requirement eight says you should assign a unique ID to anyone with computer access. By doing so you can be sure that any actions taken on important systems are performed by, and can be traced to, authorized personnel.
The ninth requirement says that you have to restrict physical access to your systems. You don't want the wrong people finding and stealing equipment, hardcopies, and encryption keys.
Number ten requires you to track and monitor all access to network resources and cardholder data. This is absolutely essential if something goes wrong on your system. Logging software will help track and analyze what happened.
The eleventh requirement states that you must regularly test security systems and processes. No matter how perfect you think your security measures are, there's always a chance someone will find a previously unknown vulnerability. Regular testing is the best way to find those vulnerabilities first.
The final requirement is to maintain a policy that addresses information security for employees. It makes sense. All the procedures in the world don't mean a thing if your people don't know about them. You have to keep everyone informed.
The Payment Card Industry Data Security Standard can be a complex and time-consuming thing to implement. For that reason many companies have opted to outsource their PCI compliance. But whatever you choose, just remember that the sooner you adopt the Payment Card Industry Data Security Standard, the sooner you will experience the benefits.
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about the Payment Card Industry Data Security Standard visit http://www.braintreepaymentsolutions.com/ or http://www.braintreepaymentsolutions.com/payment-card-industry-data-security-standard/article/5/