Headquarters:
  6472 S. Quebec St
  Englewood, CO 80111
  800.863.5995

Customer Service:
  888.859.9219
  CustomerService@eps-na.com

Tech Support:
  866.499.5732
  TechSupport@eps-na.com
Payment Card Industry (PCI) Data Security Standards
With the rising incidence of credit card fraud, there is an ever-increasing focus on protecting consumer data. Any cardholder data obtained during the payment process is confidential and therefore must be protected by merchants. However, data thieves are targeting merchants' procedural or system vulnerabilities to gain access to this information. To help prevent the theft of card data, Visa and MasterCard, along with other major card associations, have developed a common security standard for all merchants that process cardholder data.

This new industry standard, known as the Payment Card Industry (PCI) Data Security Standard, is intended to ensure that merchants' card processing procedures meet certain security requirements. The following 12 requirements comprise the PCI Data Security Standards and apply to all merchants that process, transmit, or store cardholder data.

PCI Data Security Standards:
  • Install and maintain a firewall configuration to protect data.
  • Do not use vendor-supplied defaults for system passwords and other
    security parameters.
  • Protect stored data.
  • Encrypt transmission of cardholder data and sensitive information
    across public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

These standards, sometimes referred to as the "digital dozen," represent good business practices, but each standard also comprises more detailed requirements that govern the procedures for safeguarding transaction data. Many merchants have taken steps to comply with these requirements, but those that remain out of compliance face significant fines, expensive recovery costs, possible loss of ability to accept card transactions, and damage to their business reputation. These consequences are being experienced regularly by merchants that ignore compliance requirements or experience cardholder data compromises.

Electronic Payment Systems places great importance on ensuring that its merchant customers have access to state-of-the-art tools to protect transaction information and cardholder data. We are taking an active role in helping merchants comply with the PCI Data Security Standards and have partnered with Security Metrics, a certified security assessment company, to provide an easy-to-use online compliance program. This program consists of a self-assessment questionnaire along with periodic certified network security scans.

Security Metrics guides merchants through the compliance process and provides unlimited help desk support for determining merchant requirements and assessing any remedial action that may be necessary to improve security systems or procedures. Enrollment is easy and the cost is minimal.

Enroll today at www.securitymetrics.com/sitecertinfo and take advantage of the preferred pricing for Electronic Payment Systems customers.

To learn more about the PCI Data Security Standards or to get a complete list of certified security assessment companies, please visit www.visa.com/cisp or www.mastercard.com/sdp.