08-16-2017, 09:53 PM
PCI DSS
There are several ways that criminals can collect customer data for later fraudulent use. Fraudsters may retrieve a tampered device once it has collected enough data, or interfere with the transmission of information in real time over a wireless connection. The PCI Data Security Standard (PCI DSS) was introduced in 2005 and supersedes the various standards used by card schemes for the secure storage of accounts and transaction data. The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Organizations can proactively protect customer account data with PCI DSS.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network:
1) Protect cardholder data through installing a firewall.
2) Remove vendor-supplied defaults for system passwords.
Protect Cardholder Data:
3) Protect stored cardholder data.
4) Encrypt the transmission of cardholder data, like card number, password, etc., across open, public networks.
Maintain a Vulnerability Management Program:
5) Encourage anti-virus software use.
6) Development of secure systems and applications.
Implement Strong Access Control Measures:
7) Restrict access to cardholder data by business.
8) Providing a unique ID to each person with computer access.
9) Restrict physical access to cardholder data.
Regularly Monitor and Test Networks:
10) Network resources and cardholder data accesses must be tracked.
11) Regularly test security systems and processes.
Maintain an Information Security Policy:
12) Maintain a policy that addresses information security of the cardholder.