Planning For The Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) was created to help guide companies toward higher standards of security to protect sensitive cardholder data. Any company that accepts, stores, processes, or transmits sensitive credit card information is required to be PCI compliant or risk a range of stiff fines and penalties, including the loss of the ability to accept credit cards at all.

Planning ahead, then, and preparing your company for the necessary changes required by the Payment Card Industry Data Security Standard is just good business sense.

There are a number of ways to do this. If you're a new company you can include PCI DSS measures from the beginning. If, however, you are a more established company, you must plan for making a relatively painless switch, or risk having a very painful switch forced on you later.

To help companies comply with the Payment Card Industry Data Security Standard, the PCI SSC has offered some tools that can assist you in becoming compliant. One of these tools is the PCI DSS Self Assessment Questionnaire (SAQ). This is a tool that not only helps you recognize the aspects of compliance that you may still need to work on, but also lets you demonstrate your compliance with the PCI DSS.

Good documentation is one of the best things you can do for your company. On the road to Payment Card Industry Data Security Standard compliance, you will be expected to be able to show your compliance or, at least, the steps you are currently involved in to reach compliance.

Auditors and bureaucrats: just hearing those names is enough to make some business owners cringe. Nevertheless, they are part of becoming compliant, so they can't always be avoided. Luckily there is nothing an auditor or bureaucrat likes better than a healthy pile of documents to sink their teeth into. By documenting every step you take, and what you've done to plan for the next steps, or to comply with the controls, you can make compliance a little less painful.

On the PCI SSC website you can download some documents that can help you plan and prepare for your compliance. These are the Self Assessment Questionnaire, the standard requirements, and the security audit procedure.

When it comes to credit card data security and the documentation that goes along with it, the old saying holds true: "It's better to have and not need than to need and not have."

Yet despite the mandates of the PCI DSS, many companies have still not taken the necessary steps to be PCI compliant. The excuses can be many and varied, including the popular standbys: it's too complex, it's too expensive, it's unlikely, given the percentage of breached to non-breached companies, that my company will be targeted.

The unfortunate truth here is that the Payment Card Industry Data Security Standard can be complex, and it can be expensive to implement. And, generally speaking, most businesses get so caught up in the day-to-day workings of their company that the thought of spending a great amount of money and resources on defending against an attack that may never happen is a hard thing to justify.

The one thing to always keep in mind here is how much worse the alternative would be. If that attack should ever come, not only will you suffer the loss of possibly hundreds of thousands of dollars in fines and penalties, but you will also find yourself with a damaged reputation that could prove irreparable. And that could create a loss that is incalculable.

The same goes for your documentation. If you should have trouble along the road to the Payment Card Industry Data Security Standard, such as a breach or other intrusion, you will be able to show the security council that you were, in fact, doing everything within your power to become compliant.

"You never know" scenarios are never easy sells in the business world. But as we advance further into this digital age, that may be exactly what is needed.

Andy Eliason is a writer at Main10, Inc. If you'd like to know more about the Payment Card Industry Data Security Standard visit http://www.braintreepaymentsolutions.com/ or http://www.braintreepaymentsolutions.com/payment-card-industry-data-security-standard/article/5/
