Friday 21 September 2012

Facts of PCI Compliance

By Rhonda Benjamin


The PCI Security Standards Council (PCI SSC), referred to here as the PCI Compliance council, was formed in September 2006 by the major card brands to protect cardholders' ATM, credit and debit card information. The standard it maintains, the Payment Card Industry Data Security Standard (PCI DSS), was first released as version 1.0 on 15 December 2004 to reduce card fraud caused by the exposure of cardholder data. Compliance validation is performed annually by Qualified Security Assessors (QSAs) for organizations that handle very large transaction volumes; smaller merchants validate by completing a self-assessment questionnaire. In September 2006 the standard was updated to version 1.1, a set of minor revisions to version 1.0.

PCI DSS applies to every merchant that accepts, processes, stores or transmits cardholder data, regardless of transaction volume: as soon as a customer pays by card under the organization's name, the standard applies. Transaction volume only determines the merchant level, and with it how compliance must be validated. Level 4 merchants, the smallest, must refer to their merchant bank (acquirer) for validation requirements and deadlines, because deadlines are set and enforced by the acquiring banks alone.

PCI Compliance is required by all card brands. Its main purpose is to protect valuable information such as PINs and card numbers. The standard groups its twelve requirements under six control objectives, and a merchant must meet all of them. First, build and maintain a secure network: install and maintain a firewall configuration to protect cardholder data, and never keep vendor-supplied defaults for system passwords and other security parameters. Second, protect cardholder data: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. Third, maintain a vulnerability management program: use and regularly update anti-virus software, and develop and maintain secure systems and applications.

Fourth, implement strong access control measures: restrict access to cardholder data by business need-to-know, assign a unique ID to each person with computer access (not to customers), and restrict physical access to cardholder data. Fifth, regularly monitor and test networks: track and monitor all access to network resources and cardholder data, and regularly test security systems and processes. Sixth, maintain an information security policy that addresses information security for all personnel.

Cardholders also help by changing any default PIN or credentials issued to them with the card. PCI DSS reaches even call-centre recordings: sensitive authentication data such as the card verification code (CVV2, CVC2, CID) and the PIN must never be retained after authorization, including in audio recordings, and any full card number that is kept must be protected like any other stored cardholder data. All of this is designed to protect people from fraudsters who obtain card details by deception or theft and then use them to draw on the cardholder's funds.
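As an added example (not part of the original article), the following Python script shows what the call-centre rule above looks like in practice: it scans constructed agent notes for card numbers, confirms each candidate with the Luhn check so that ordinary order and reference numbers are not mis-flagged, masks every PAN to the first six and last four digits that PCI DSS requirement 3.3 permits for display, and removes any card verification code outright because sensitive authentication data may not be stored at all. The sample notes, field names and regular expressions are assumptions made for this illustration; the card numbers are the public test PANs published by the card brands, not real cardholder data.

```python
import re

# Constructed sample call-centre notes for this illustration (not real data):
# the card numbers are the public test PANs published by the card brands.
SAMPLE_NOTES = [
    "2012-09-21 10:02:11 agent=42 note='customer paid with 4111 1111 1111 1111 cvv 123'",
    "2012-09-21 10:03:45 agent=42 note='order 1234567890123 shipped, call ref 55000000'",
    "2012-09-21 10:05:02 agent=17 note='card 5500-0000-0000-0004 exp 12/14, PIN not taken'",
]

# A PAN is 13 to 19 digits; single spaces or hyphens between digits are allowed here.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# A card verification code written next to its label. This is sensitive
# authentication data, which PCI DSS forbids storing after authorization at all.
CVV_LABEL = re.compile(r"\b(cvv2?|cvc2?|cid)\b\W{0,3}\d{3,4}\b", re.IGNORECASE)
SEPARATORS = re.compile(r"[ -]")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test: every real PAN passes, most other numbers fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                        # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2  # and fold two-digit results back to one
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display masking permitted by PCI DSS 3.3: at most first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs in text as plain digit strings."""
    pans = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = SEPARATORS.sub("", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            pans.append(digits)
    return pans


def scrub(text: str) -> tuple:
    """Mask every PAN and drop every verification code; return (clean_text, pans_found)."""
    pans = find_pans(text)

    def mask_match(match):
        digits = SEPARATORS.sub("", match.group())
        # Order and reference numbers that merely look like PANs are left untouched.
        return mask_pan(digits) if digits in pans else match.group()

    clean = PAN_CANDIDATE.sub(mask_match, text)
    clean = CVV_LABEL.sub(lambda m: m.group(1) + " [removed]", clean)
    return clean, pans


def scrub_notes(notes: list) -> list:
    """Scrub a batch of notes, returning one (clean_text, pans_found) pair per note."""
    return [scrub(note) for note in notes]


if __name__ == "__main__":
    for clean, pans in scrub_notes(SAMPLE_NOTES):
        print(f"{len(pans)} PAN(s) found: {clean}")
```

The Luhn step is what separates a useful scanner from a noisy one: the 13-digit order number in the second note matches the digit pattern but fails the checksum, so it is left alone, while both real-format card numbers are masked and the verification code in the first note is removed rather than masked.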
