What is the data security standard for payment cards?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of instructions and proven procedures for all businesses and other entities that process, transmit or store credit card data. These instructions were developed by the PCI Security Standards Council (PCI SSC) and aim to prevent data leaks and the resulting fraud through identity and credit card theft. PCI DSS involves three ongoing phases: assessing business processes and identifying potential risks, remediating those risks, and reporting compliance efforts to the relevant banks and other credit card issuers.
Paramount in Payment Card Industry Data Security Standard compliance is the creation and maintenance of a secure computer network. A robust firewall gateway must be established between cardholder data and any external network access. System passwords should be implemented together with other security measures at any potential point of vulnerability in the network. All cardholder data must be stored securely and must be encrypted when transmitted across public networks. Ongoing measures include the use of antivirus software and restricting staff's physical or computer access on the basis of business need.
Many tools and services help organizations deal with PCI DSS. While the PCI SSC sets the PCI compliance standards, all the main credit card brands have created their own requirements for enforcing compliance with these standards and for credit card verification procedures. Each of these companies offers online and other guidance to organizations that accept their cards. The PCI SSC also operates a program that approves qualified security assessors, who verify compliance with the data security standard in the payment card industry. For organizations that validate compliance themselves, there is a validation tool called the Self-Assessment Questionnaire, which comes in several forms, each adapted to a specific business environment.
A key prerequisite for compliance with the data security standard is limiting stored credit card data to what the organization actually needs. Stored data should be subject to retention time limits, and authentication data should never be stored. All account numbers and other sensitive data that are transmitted over public networks must be partially masked.
Further PCI DSS measures include creating and maintaining a vulnerability management program that produces secure applications and programs. Routine network monitoring and testing are also required to identify weaknesses. Each organization must also maintain a written security policy and distribute it to all employees.