Software Gone are the days of paper money as it is the age of plastic money. From paying bills, booking tickets to buying groceries, people now depend on debit cards, credit cards, prepaid cards, e-purse cards, ATM cards, or POS cards. Though on one hand it has made life easier,on the other hand, it has enhanced security risks considerably. We live in an age where every single personal detail is worth money. For instance, in the case of plastic money, everything from Primary Account Number (PAN), Pin Verification Value (PVV), security code, service code, expiration date to cardholder name are sensitive data. With Scammer severy where looking for the right opportunity to strike and get away with the stolen personal information, the onus is upon all those who store, process and transmit credit card information to take measures to prevent the misuse of credit card data. And the best way to accomplish it is by complying with PCI compliance guidelines. Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements developed by major credit card companies to prevent the misuse of credit card information. Complying with these requirements would help merchants and service providers to provide a safe shopping experience for customers.PCI DSS was originally the security programs of fivemajor credit card brands namely MasterCard, American Express, Visa Card, JCB and Discover. In 2006, the companies aligned their individual security programs to form the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS guidelines consist of 6 control objectives and 12 requirements namely: 1) Build and Maintain a Secure Network i) Install and maintain a firewall configuration to protect cardholder data ii) Do not use vendorsupplied defaults for system passwords and other security parameters 2) Protect Cardholder Data i) Protect stored cardholder data ii) Encrypt transmission of cardholder data across open, public networks 3) Maintain a Vulnerability Management Program i) Use and regularly update antivirus software ii) Develop and maintain secure systems and applications 4) Implement Strong Access Control Measures i) Restrict access to cardholder data by business needtoknow ii) Assign a unique ID to each person with computer access iii) Restrict physical access to cardholder data 5) Regularly Monitor and Test Networks i) Track and monitor all access to network resources and cardholder data ii) Regularly test security systems and processes 6) Maintain an Information Security Policy i) Maintain a policy that addresses information security Merchants and service providers can easily ensure compliance with PCI DSS by deploying a PCI compliance management solution, but most fail to do so. In the second part of this article, we will look at PCI validation requirements and the consequences of not being PCI compliant. About the Author: 相关的主题文章: