PCI Compliance Update

Dec 1, 2007
by Christopher Heine

There are few things more important for ecommerce sites than being PCI DSS compliant. The problem is that many companies doing business on the Internet are not aware of what being compliant means. PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). It was developed by the major credit card companies as a guideline to help companies and organizations that process card payments prevent credit card fraud, hacking and other security breaches.

If a company processing, storing or transmitting credit card numbers is not PCI DSS compliant, it risks losing the ability to process these payments. Noncompliant firms potentially face fines of up to $500,000 per incident. Even if a company has made strides toward compliance, the job is never quite finished. Merchants and service providers must regularly validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) company.

Ecommerce firms are left in a bit of a quandary, as they must find products or technologies that can help them meet the standard's requirements. This is made more difficult by the fact that no product is PCI compliant; compliance is met by members, merchants or service providers, not by products. There is no single product, service or technology that can address all aspects of the standard, leaving the affected parties to search for a variety of tools to create a solution.

When evaluating solutions to comply with the standard, organizations should consider two key criteria: first, whether the product can help achieve compliance with the standard, and second, whether the product itself is secure and addresses specific requirements of the PCI DSS. The technical language of this subject can intimidate marketers and business operators and drive them away from the problem rather than attacking it head on. But it is imperative that you check out the end of this article to see which service providers can help. Without question, getting started on this problem sooner rather than later is recommended.

Marketers need to educate themselves about the problem before beginning discussions with service vendors. Talk to your IT team and find out their views. Go over what is known about the problem. Even though the dilemma is complicated, the PCI DSS standard can be summarized in 12 requirements:

  1. Install and maintain a firewall.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

For additional general information:

PCI Security Standards Council, LLC
401 Edgewater Place, Suite 600
Wakefield, MA 01880
Tel.: 781-876-8855
Website: www.pcisecuritystandards.org

PCICompliance.org
Website: www.pcicomplianceguide.org

Vendors to contact for more info:
Authorize.Net
915 South 500 East Suite 200
American Fork, UT 84003
Tel.: 801-492-6450
Fax: 801-492-6489
Website: www.authorize.net

Scan Alert
860 Napa Valley Corporate Way, Suite R
Napa, CA 94558
Tel.: 707-224-7656
Toll Free 877-302-9965
Fax: 707-252-9626
Website: www.scanalert.com

OPNET Technologies, Inc.
7255 Woodmont Avenue
Bethesda, MD 20814
Tel.: 240-497-3000
Website: www.opnet.com

Voyence, Inc.
1801 North Glenville Drive
Richardson, TX 75081
Tel.: 972-759-4000
Fax: 972-759-3998
Toll Free 866-233-7569
Customer support: 866-433-7569
Website: www.voyence.com

TrustWave
120 N LaSalle Street, Ste. 1250
Chicago, IL 60602
Tel.: 312-873-7500
Fax: 312-443-8028
Website: www.trustwave.com

VeriSign, Inc.
487 East Middlefield Road
Mountain View, CA 94043
Tel.: 650-961-7500
Fax: 650-961-7300
Website: www.verisign.com

Ecora Software Corp.
2 International Drive
Portsmouth, NH 03801
Tel.: 877-923-2672
Fax: 603-436-1604
Website: www.ecora.com

Cloakware Inc.
8320 Old Courthouse Road, Suite 201
Vienna, VA 22182
Tel.: 703-752-4830
Fax: 703-752-2412
Website: www.cloakware.com

Tizor
5 Clock Tower Place, Suite 400
Maynard, MA 01754
Tel.: 978-243-3200
Fax: 978-823-5160
Toll Free: 800-231-8224
Website: www.tizor.com

SecuriGo
Website: www.securigo.com


Entire contents ©2024, Sumner Communications, Inc. (203) 748-2050. All rights reserved. No part of this service may be reproduced in any form without the express written permission of Sumner Communications, Inc. except that an individual may download and/or forward articles via e-mail to a reasonable number of recipients for personal, non-commercial purposes.