Cardholder knowledge thievery has become a problem all merchants should face. As a results of many status incidents over the past few years (i.e., Card Systems & TJX), the cardboard Associations (Visa, MasterCard, yank specific, Discover) were forced to plan knowledge security standards for merchants that method transactions through their networks. The PCI knowledge Security Standards (PCI DSS for short) were publicized in September 2006 and represent a combined effort of all the most important card brands, like Visa, Mastercard, specific, to supply uniform knowledge security standards and necessities. PCI DSS affects any bourgeois that stores, processes, or transmits cardholder knowledge. which means ALL merchants area unit affected.
So however does one comply? the primary step is to develop written policies, procedures and protocols that address the twelve core necessities of PCI DSS and so validate your compliance supported the bourgeois class you’re in.
The twelve core necessities of PCI DSS are:
1. Install and maintain a firewall configuration to shield cardholder knowledge
2. don’t use vendor-supplied defaults for system passwords and alternative security passwords
3. shield keep cardholder knowledge
4. encode transmission of cardholder knowledge across open, public networks
5. Use and often update anti-virus computer code
6. Develop and maintain secure systems and applications
7. limit access to cardholder knowledge by business need-to-know
8. Assign a singular ID to every person with pc access
9. limit physical access to cardholder knowledge
10. Track and monitor all access to network resources and cardholder knowledge
11. frequently take a look at security systems and processes, AND
12. Maintain a policy that addresses data security
Some of these necessities can have to be compelled to be provided to you by your internet hosting company et al can have to be compelled to be provided by your go-cart marketer.
You may already be fulfilling several of the core necessities like dynamical the default positive identification of the go-cart once it absolutely was put in and buying Associate in Nursing SSL certificate from an organization like Comodo to assist encode knowledge between the browser and therefore the server.
If you expertise a knowledge breach and area unit found to not be in compliance you may be subject to fines up to $500,000 per incident from the cardboard associations.
Russ Gottlich, certified public accountant is President of FDIS Loud ( [http://www.fdisloud.com] ), Associate in Nursing freelance agent workplace of 1st knowledge freelance Sales (FDIS), a number one supplier of payment process services and tools for net and retail merchants worldwide. Russ given “Best Practices in Electronic Payment Processing” at HostingCon2007.