
Thread: What is PCI Compliance?

  1. #1
    chargebacks (Administrator) - Join Date: Feb 2007 - Posts: 471

    What is PCI Compliance?

    Per the Payment Card Industry (PCI) Data Security Standard set up in June of 2005, all businesses that accept credit cards and secure customer information need to be PCI compliant. However, the level of compliance varies by merchant, though it's never a bad idea to be seen as a secure business by your customers.

    Developed by the four major credit card companies (Discover, American Express, Visa, and Mastercard), PCI was created to give customers the added security of knowing that their information was safe once it was given to a business. Any of the transaction or account information given to the business is required to be kept confidential and safe from hackers and other computer infiltrators. All merchants who accept credit cards need to be PCI compliant or risk having their accounts suspended and fined, or even terminated.

    There are two steps involved in becoming PCI compliant. One is that businesses need to pass scans of their systems on a quarterly basis. These scans will be conducted by an independent scanning service like ScanAlert. These scans will need to be done at every internet access point, server, and connection. The next step is that ScanAlert, or another independent scanner, will provide you with a questionnaire that will ask you about your security measures and how you feel they are working for you. These questions are provided with an online wizard tool.

    You can expect to pay annual fees to help keep your website PCI compliant and scanned at regular intervals. You can also opt for a Hacker Safe logo on your website from various scanning companies that will scan your site on a daily basis to give your customers the ultimate feeling of security.

    You will also want to look for scanning services that can provide you with repairs on parts of your system that might be vulnerable to attack or security compromises. This will allow you to keep any prying eyes out of your personal records as well as the records of your customers.

    And just what are you trying to keep them safe from? Hackers that can get into the Internet files of your server can access confidential information from your customers, allowing them to find out credit card numbers, contact information and even identification information that can help in stealing an identity. All of these security breaches can not only compromise the security and privacy of your customers, but will also diminish the overall respect of your website and its commitment to customer safety.

    You owe it to your business and to your clients to provide them with shopping in a PCI compliant environment. Customers will return to you when they know that they can count on their information being used only for the purchases that they want to make. In this day and age of identity theft and credit card fraud, you just can't afford to take any chances, and when you do, you might find yourself without the ability to take credit cards anymore.

    Brought to you by MerchantTalk

  2. #2
    mharrisr (Junior Member) - Join Date: May 2007 - Posts: 26
    Thanks for the useful information. I will keep my site PCI compliant.

  3. #3
    peyton999 (Banned) - Join Date: Jun 2007 - Posts: 243
    This is a really useful piece of information for beginners.

  4. #4
    Bette (Junior Member) - Join Date: Jul 2007 - Posts: 1

    PCI whitepaper

    Further to the above, you might find this free white paper useful, to help you better understand PCI DSS compliance: PCI DSS Made Easy.

    In a nutshell, this white paper explains the requirements to achieve PCI compliance, as well as the implications of non-compliance.

  5. #5
    geet_kunal (Member) - Join Date: Aug 2007 - Posts: 92
    Thanks buddy for the detail on the Payment Card Industry (PCI). I did not know about this. This will be helpful for engineers. Thanks again.

  6. #6
    Chargeback_Kid (Junior Member) - Join Date: Aug 2007 - Posts: 1
    The safest transaction model (for authentication and processing of data), as I understand it, was using SSL protocols like those employed by authorizenet and verisign?

    Do you think that more security will actually help, or rather that it presents a false front luring people into making risky card-absent transactions? Even a fraudulent company can present the latest compliance to the customer.

  7. #7
    willyoumind (Senior Member) - Join Date: Jul 2008 - Posts: 306
    I did read an article related to PCI before, but yours seems to be more detailed and easier to understand than the one I read before...

    By the way, thanks for the great PCI compliance information.

  8. #8
    chandramouli9779 (Junior Member) - Join Date: Aug 2008 - Posts: 15
    Dear All, want to get into details on PCI? Then read on.

    The current version of PCI-DSS (Data Security Standard), Ver 1.1, has 12 rules, as mentioned below.

    Build and maintain a secure network
      Requirement 1: Install and maintain a firewall configuration to protect cardholder data
      Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

    Protect cardholder data
      Requirement 3: Protect stored cardholder data
      Requirement 4: Encrypt transmission of cardholder data across open, public networks

    Maintain a vulnerability management program
      Requirement 5: Use and regularly update anti-virus software or programs
      Requirement 6: Develop and maintain secure systems and applications

    Implement strong access control measures
      Requirement 7: Restrict access to cardholder data by business need-to-know
      Requirement 8: Assign a unique ID to each person with computer access
      Requirement 9: Restrict physical access to cardholder data

    Regularly monitor and test networks
      Requirement 10: Track and monitor all access to network resources and cardholder data
      Requirement 11: Regularly test security systems and processes

    Maintain an information security policy
      Requirement 12: Maintain a policy that addresses information security for employees and contractors

  9. #9
    willyoumind (Senior Member) - Join Date: Jul 2008 - Posts: 306
    Chandra, I would like to know what the difference is between "restrict access to cardholder data by business need-to-know" and "restrict physical access to cardholder data"? Aren't these two things supposed to be the same?

  10. #10
    chandramouli9779 (Junior Member) - Join Date: Aug 2008 - Posts: 15
    Restrict access to cardholder data by business need to know - it means the screens or website where cardholder information like card number, expiry date and name is visible to the business users. Say I am in facility management in a bank and my bank has an ERP which also processes credit card information. As staff in facility management I may not require access to screens having cardholder information, but I still need to log my housekeeping efforts in the software. So my access would be only for the facility work log screens. That is business need-to-know access.

    The physical access is the hard copy of the application forms that many banks store in a strong room or a vault after processing the credit card application form. The vault would also have access controls, which should also be given only to specific people.

    Hope it's clear now.
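The screen-level "business need-to-know" rule chandramouli9779 describes above (Requirement 7) can be expressed as a small role-to-screen policy. The Python below is an added example, not code from the thread or from any PCI document: the role names (facility, support, card_ops), the screen names, the sample card record and the audit-log structure are all constructed for illustration. It goes one step beyond the post by adding a tiered "support" role that may open the cardholder screen but sees only a masked card number, and by recording every access decision, which is the kind of trail Requirements 8 and 10 in the list above ask for.

```python
"""Added example: role-based need-to-know check for cardholder screens.

Roles, screens, user IDs and the sample card record are constructed for
this illustration only (hypothetical names, not from any real ERP).
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Which screens each role may open. Facility-management staff get only the
# work-log screen; support and card-operations staff may also open the
# cardholder screen. (Hypothetical role and screen names.)
ROLE_SCREENS: Dict[str, Set[str]] = {
    "facility": {"work_log"},
    "support": {"work_log", "card_details"},
    "card_ops": {"work_log", "card_details"},
}

# Only these roles have a business need to see the full card number;
# everyone else who can open the screen sees it masked.
FULL_PAN_ROLES: Set[str] = {"card_ops"}

# Audit trail of every access decision, allowed or denied. In-memory here;
# a real deployment writes this to protected, append-only log storage.
AUDIT_LOG: List[dict] = []


@dataclass
class User:
    user_id: str  # one unique ID per person, never a shared login
    role: str


@dataclass
class CardRecord:
    holder_name: str
    pan: str      # primary account number, digits (spaces tolerated)
    expiry: str   # "MM/YY"


def authorize(user: User, screen: str) -> bool:
    """Return True if the user's role includes the requested screen, and
    record the decision either way so denied attempts are visible too."""
    allowed = screen in ROLE_SCREENS.get(user.role, set())
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user.user_id,
        "role": user.role,
        "screen": screen,
        "allowed": allowed,
    })
    return allowed


def mask_pan(pan: str) -> str:
    """Display form of a card number for staff without full need-to-know:
    every digit except the last four is replaced by '*'."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 4:
        raise ValueError("PAN too short to mask")
    return "*" * (len(digits) - 4) + digits[-4:]


def render_card_screen(user: User, record: CardRecord) -> Optional[dict]:
    """Build what the cardholder screen shows this user, or None when the
    user's role may not open the screen at all."""
    if not authorize(user, "card_details"):
        return None
    show_full = user.role in FULL_PAN_ROLES
    return {
        "holder_name": record.holder_name,
        "pan": record.pan if show_full else mask_pan(record.pan),
        "expiry": record.expiry,
    }


# Constructed sample record; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_CARD = CardRecord(holder_name="A. Sample", pan="4111111111111111", expiry="12/30")


if __name__ == "__main__":
    for uid, role in (("u1", "facility"), ("u2", "support"), ("u3", "card_ops")):
        user = User(uid, role)
        print(role, "work_log:", authorize(user, "work_log"))
        print(role, "card_details:", render_card_screen(user, SAMPLE_CARD))
    print("audit entries:", len(AUDIT_LOG))
```

Running it shows the facility user opening the work log but getting None for the cardholder screen, the support user getting a masked number, and the card-operations user getting the full record, with every decision captured in AUDIT_LOG.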
