preview

Essay on Components of PCI Standards

Good Essays
I. Components of PCI standards
PCI Data Security Standard (PCI DSS)
(PCI DSS) is the base standard for merchants and card processors. It addresses security technology controls and processes for protecting cardholder data. Attaining compliance with PCI DSS can be tough, and can drastically impact your organization’s business processes, service, and technology architecture (Microsoft, 2009). PCI DSS version 1.2 is the most recent version of the standard, and takes the place of all previous versions of PCI DSS. The DSS standard is structured into the group of six principles and 12 requirements.
Payment Application Data Security Standard (PA DSS) (PA DSS) is the baseline for the software developers who commercially develop software for
…show more content…
I. Build and maintain a secure network
Requirement 1: Install and maintain a firewall for the protection of card holder data
Firewall controls the data traffic between internal and external non trusted networks. All systems must be protected from unauthorized access from non trusted networks.
Requirement 2: Do not use default security configurations like logins, passwords
Default settings and configurations are the easiest way to approach any network. These default settings are well known in hacker communities.
II. Protect card holder data
Requirement 1: Protect stored cardholder data
Encryption, masking and hashing are the critical aspects of data security. It is not easy to read the encrypted information without cryptographic keys. Time based storage and disposal policies play an important role. Try to store as minimum amount of cardholder data like there is no need to store verification code, pin number and expiration dates.
Requirement 2: Encrypt transmission of cardholder data across a public networks
Always use encryption before the passing sensitive information to a public networks. Secure socket layer (SSL) is an industry wide protocol for secure communication between client and server. Organizations should avoid using instant messaging applications for the transmission of sensitive data.
III. Maintain a vulnerability management program
Requirement 1: Use up-to-date
Get Access