PCI DSS security module

[ashokjp]

PCI DSS
There are several ways that criminals can collect customer data for later fraudulent use. Fraudsters may retrieve a tampered device once it has collected enough data, or interfere with the transmission of information in real-time over a wireless connection. The PCI Data Security Standard (PCI DSS) was introduced in 2005 and supersedes the various standards used by card schemes for the secure storage of accounts and transaction data. The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. organizations can proactively protect customer account data with PCI DSS.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network:
1)protect cardholder data through installing a firewall.
2)Remove vendor-supplied defaults for system passwords.

Protect Cardholder Data:
3)Protect stored cardholder data
4)Encrypt the transmission of cardholder data like cardnumber, password etc. across open, public networks

Maintain a Vulnerability Management Program
5)encourage anti-virus software use
6)Development of secure systems and applications

Implement Strong Access Control Measures:
7)Restrict access to cardholder data by business
8)Providing a unique ID to each person with computer access
9)Restrict physical access to cardholder data

Regularly Monitor and Test Networks:
10)network resources and cardholder data accesses must be tracked.
11)Regularly test security systems and processes

Maintain an Information Security Policy
12)Maintain a policy that addresses information security of the cardholder.

[attachment=1485]

[sujith mu]

Payment Card Industry Data Security Standard (or PCI DSS in short) was developed by credit card companies including Visa, MasterCard, American Express, Discover and JCB, etc as a guideline to help merchants and transaction processing companies to prevent credit card fraud, cracking and various other security vulnerabilities and threats.Each founding member also recognizes the Qualified Security Assessors and Approved Scanning Vendors qualified by the PCI SSC to assess compliance with the PCI DSS.
Protect Stored Cardholder Data
The account information and PAN number must be rendered unreadable through:
-hashed indexes
-Strong cryptography
-Index tokens and pads
-Truncation

Encrypt transmission of cardholder data across open, public networks
Use SSL, IPSEC, TLS protocols to safeguard sensitive card holder data during transmission over open networks.
To provide these services, the companies conduct code reviews for all their Web applications, or install an application-level firewall. traditional solutions suggest the use of audit trail and logging. To prevent unauthorised reading of data, one can implement access control and block unauthorized users from reading the sensitive data, but these data are available to the system administrators.Command-based encryption utilities only work with offline archives.

Modern proprietary systems protect encryption and digital signing keys inside hardware security module (HSM) from disclosure and duplication. they may encrypt data with NIST certified AES, 3DES and DES cryptographic algorithms and create digital signatures to assure data integrity.Digital signature prevents and provides evidence to alteration of data being signed.

[junaidaadil]

i want full seminar detail topic named PCI DSS security module