
PCI Data Security: The Standard that Raised the Bar

Jan 9, 2008
When consumers hand over their bank or credit card details over the Internet, by phone or at some point of sale, they rarely give a second thought to whether that data is safe. Were it not for the standards that credit card companies and merchants adhere to, that information could be left exposed for any cyber thief to try their hand at grabbing.

Every credit card agency has its own standard for how transaction and personal data is handled. From MasterCard to Visa, they all touch on similar aspects of how card data should be maintained properly, from merchant to card agency.

Over the years, big stories on the tech news circuit emerged about card numbers being stolen from agencies and merchants alike. In light of this kind of news, the big names in the credit card industry pooled their security knowledge and came up with a common set of rules, a reference for everyone involved in a transaction, called the Payment Card Industry Data Security Standard (PCI DSS).

How to be PCI Compliant

Credit card data is transmitted, stored and processed, so there are a variety of points where hackers try to interfere with the process to leak information. The PCI Security Standards Organization laid out 12 main points that all card data handlers must adhere to in order to become PCI DSS compliant:

- Regular testing of their security systems and processes
- Create and maintain an in-house policy for addressing security issues
- Restrict physical access to credit card data and owner's information
- Have a tracking system to monitor all access to the network and credit card data
- Those who have access maintain and use a unique ID
- Keep a policy that restricts access to only a need-to-know basis
- Routinely run up-to-date antivirus software
- Maintain a sound secure system and application software
- Encrypt cardholder data and sensitive information across the network
- Protect data that is stored
- Create your own system passwords; never use the network software's defaults
- Maintain a sound firewall

Any company that accepts, processes or stores credit card information is assigned a PCI DSS compliance level based on the number of transactions it processes a year.

The industry distinguishes four such levels. As a point of reference, a level one processor runs 6 million or more transactions a year, while a level four merchant would transact under 20,000. All must maintain compliance or risk heavy fines if there is a breach in their data controls.

About the Author

Art Gib writes for Braintree Payment Solutions (http://www.braintreepaymentsolutions.com), which offers payment processing services to many major companies. Braintree Payment Solutions offers a suite of payment processing services that adhere to PCI DSS compliance.