The Payment Card Industry Data Security Standard (PCI DSS) levies requirements on credit card merchants to safeguard consumers' card information from identity thieves. The payment card brands such as VISA, MasterCard and American Express are now enforcing PCI compliance. Non-compliance can result in fines, restrictions or possibly permanent expulsion from card acceptance programs. If your business depends on accepting credit cards, you have no choice but to become PCI compliant.
The Payment Card Industry (PCI) data security standards are network security and business practice guidelines developed by Visa, MasterCard, American Express and Discover Card. They were developed to establish a 'minimum security standard' with regard to the protection of cardholders' account and transaction information.
What are PCI DSS requirements?
The PCI Data Security Standard represents a common set of industry tools and measurements to help merchants and credit card processors that store, process or transmit cardholder data ensure the safe handling of sensitive cardholder information. The standard provides an actionable framework for developing a robust account data security process that includes preventing, detecting and reacting to security incidents.
What are the benefits of working with a PCI Compliant Service Provider?
By working with a PCI compliance service provider you can ensure that cardholder account data being processed across your technical environment is protected. PCI DSS protects cardholders and minimizes the risk to your business. The main benefits of implementing PCI DSS for your organization and working with a provider that is compliant are:
- Protecting customer personal data
- Increasing customer trust by demonstrating your commitment to the security of their personal information
- Protecting your business from financial penalties
- Leveraging a hosting provider's existing PCI DSS compliance investment, i.e. your technical infrastructure resides in a data centre that has already been audited
- Potential savings starting at $100,000 in capital expenditures by outsourcing to a managed service provider that is PCI compliant
Who has to comply?
The credit card companies have made it clear that ANY entity that stores, processes, or transmits cardholder data, regardless of its transaction volume, is required to comply with the PCI requirements. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs. Recent studies on financial fraud have indicated that hackers are increasingly targeting small, commercial Web sites, increasing the need for all merchants and service providers to become fully compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).
What do I need to do to meet the PCI standards?
The PCI standard comprises two basic steps:
1. Pass quarterly remote vulnerability scans conducted by a Visa and MasterCard "Qualified Independent Scan Vendor". Scans are required for all Internet connection points, whether they are office networks, home/office connections (dial-up, DSL, cable or wireless) or permanent Internet servers such as your web site and email server.
2. Successful completion of a security self-assessment questionnaire. The self-assessment questionnaire asks specific questions about your internal security practices, both on your web site and in your office.
For e-commerce sites that involve online credit card payments, this PCI DSS certification will provide greater security features for business and customers. PCI compliance service providers assure that your confidential data is totally protected.
In response to the growing number of data theft incidents, the PCI Data Security Standard, developed by MasterCard and VISA and also being enforced by American Express, has been put in place to protect cardholder information. Merchants and service providers must implement PCI compliance or face stiff fines.
But this is easier said than done. Whether you are selling books online or groceries at a local store, computer-based transactions result in a log data file that is a fingerprint of user and computer systems activity. Immense volumes of log data are traversing payment networks, necessitating more efficient ways of managing, storing and searching through log data. For example, a typical retailer generates hundreds of thousands of log messages per day amounting to many terabytes per year.
An online merchant can generate upwards of 500,000 log messages every day. One of America's largest retailers has more than 60 terabytes of log data under management at any given time.
These are just a few of the threats that plague payment networks:
• Information theft and leaks: Credit card data can be stolen from unsecured databases run by businesses or payment infrastructure providers. The FTC estimates 27 million Americans had their identities compromised between 2000 and 2005. To prevent this type of fraud, businesses must validate customer information and monitor its use.
• Brute force: Hackers leverage computing power to breach security and access payment data. Real-time monitoring solutions can help quickly identify attacks and block them before damage occurs.
• Insider breach: Insiders are often privy to vast amounts of customer payment data, requiring access control and monitoring mechanisms to be in place.
PCI compliance is all about protecting data. Log management and intelligence is a vital part of that. With LogLogic’s PCI Compliance suite, billions of log messages generated by retailers and merchants using credit cards can be made available for enforcing, auditing and automating the requirements and controls expected for compliance with the Payment Card Industry (PCI) data security standard.
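To make the log-monitoring idea above concrete, here is an added example (not code from the page, LogLogic or any PCI tooling) that runs simple detection logic for the brute-force and insider-access threats over a handful of constructed log lines. The log format, IP addresses, user names and table name are all made up for the example; the thresholds are assumptions a real deployment would tune.

```python
# Added example: detection logic over constructed log lines in a made-up format:
#   "<ISO timestamp> <event> src=<ip> user=<name> [table=<name>]"
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source failing repeatedly, one after-hours card-data read.
SAMPLE_LOG = """\
2024-05-01T09:00:01 auth_fail src=10.1.1.5 user=alice
2024-05-01T09:00:02 auth_fail src=10.1.1.5 user=alice
2024-05-01T09:00:03 auth_fail src=10.1.1.5 user=bob
2024-05-01T09:00:04 auth_fail src=10.1.1.5 user=carol
2024-05-01T09:00:05 auth_fail src=10.1.1.5 user=dave
2024-05-01T09:00:09 auth_ok src=10.1.1.5 user=dave
2024-05-01T10:15:00 auth_fail src=10.1.1.9 user=erin
2024-05-01T23:30:00 db_read src=10.1.2.7 user=ops_eve table=cardholder_data
2024-05-01T11:00:00 db_read src=10.1.2.8 user=billing_app table=cardholder_data
"""

def parse(line):
    """Turn one log line into a dict with a datetime timestamp and key=value fields."""
    ts, event, *kv = line.split()
    rec = dict(part.split("=", 1) for part in kv)
    rec.update(ts=datetime.fromisoformat(ts), event=event)
    return rec

def find_brute_force(records, threshold=5, window=timedelta(seconds=60)):
    """Sources with at least `threshold` auth failures inside a sliding time window."""
    fails = defaultdict(list)
    for r in records:
        if r["event"] == "auth_fail":
            fails[r["src"]].append(r["ts"])
    hits = set()
    for src, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.add(src)
                break
    return hits

def find_suspicious_card_access(records, allowed=frozenset({"billing_app"}), hours=(8, 18)):
    """Cardholder-data reads by an unapproved account or outside business hours (assumed 08-18)."""
    return {r["user"] for r in records
            if r["event"] == "db_read" and r.get("table") == "cardholder_data"
            and (r["user"] not in allowed or not hours[0] <= r["ts"].hour < hours[1])}

def analyze(text=SAMPLE_LOG):
    records = [parse(l) for l in text.splitlines() if l.strip()]
    return {"brute_force_sources": find_brute_force(records),
            "suspicious_card_access": find_suspicious_card_access(records)}
```

On the sample log, `analyze()` flags source 10.1.1.5 for brute force and the account ops_eve for an after-hours, unapproved read of cardholder data; the same two checks are what a log-intelligence product automates at scale.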
Amy Nutt and Jill Ratkevic, Public Relations manager for LogLogic, are contributors for EditorialToday. The above articles have been edited for relevancy and timeliness. All write-ups, reviews, tips and guides published by EditorialToday.com and its partners or affiliates are for informational purposes only. They should not be used for legal or any other type of advice. We do not endorse any author, contributor, writer or article posted by our team.