User:RayeSquire471

From ArtWiki
Revision as of 09:00, 7 May 2025 (Wed) by WikiSysop (talk | contribs)

What is PCI compliance? PCI stands for Payment Card Industry, which in practice consists of just five companies: Visa, MasterCard, American Express, Discover, and JCB (Japan Credit Bureau). The PCI Security Standards Council is a consortium established in 2006 that combines the security recommendations of the five founding institutions and publishes updated versions of the PCI compliance requirements.

The PCI compliance checklist is intended for merchants and online service providers who process, transmit, or store payment card information, such as the card number, expiration date, and the embedded security codes.

Compliance is essential because, in recent years, over a hundred million credit card numbers have been compromised annually, causing serious damage to the payment card industry's profits.


By being PCI compliant, a merchant reduces the probability of a security breach and of abuse of customer information. The merchant is also likely to avoid the steep fees associated with re-establishing account security after a breach.

Here we present a shortened form of the PCI compliance guide which, according to the PCI Security Standards Council, contains 12 points. We then present an opposing opinion from merchants about the PCI compliance solution.

The 12 aspects of PCI compliance checklist

Listed here are the 12 points of the checklist, as given on the PCI Security Standards Council's website. The intent of the checklist is, through a PCI compliance audit, to establish and maintain a secure, impenetrable computer network, protect cardholder data, continuously detect vulnerabilities, restrict physical access to computers and equipment holding cardholder data, continuously inspect and test the computer networks, and provide and update a company-wide security policy:

   Install and keep updated a firewall between your public networks and the payment card data
   Change the vendor-supplied passwords that come with the network and payment processing equipment
   Keep stored customer data protected: only store data essential for business or regulatory purposes
   Encrypt all transmissions of customer data over public networks
   Maintain anti-virus software on all computers
   Only deploy secure card processing applications and systems
   Limit access to customer payment data to as few individuals as possible, on a "need to know" basis for necessary business purposes
   Use building entry authentication such as visitor and employee badges with identification
   Restrict physical access to computers and customer data
   Keep records of all access to customer data
   Regularly test the security applications and processes in place
   Keep all employees informed about your information security policy

Opposing opinion of some merchants: Are there really only 12 rules?

As you can tell, even though the intent of the PCI security compliance checklist is well taken, the checklist itself is anything but clear. In fact, in recent years the checklist has been revised many times, mostly in order to increase its clarity.

Still, some merchants claim that, on looking deeper into the list of 12 PCI requirements, a longer list of over 200 requirements appears. And as if that were not enough, the 200+ requirements are still unclear and can be interpreted in many different ways.

So, the merchants claim, the PCI compliance checklist hardly helps them because (1) they already have security policies in place that protect far more than just credit card information, and (2) the paperwork, the 200+ steps, and the PCI compliance fees are too high to make it a profitable undertaking; put simply, following the PCI requirements checklist loses them money.

The truth is probably somewhere in between. With a judicious integration of the PCI compliance checklist into the merchant's existing security protocols, the merchant may be able to meet the PCI requirements in a short time and at minimal expense while keeping customer data safe.