PCI Compliance Case Study

The Importance of PCI Compliance to Business Owners

Summary

If you are an online retailer and accept credit, debit, ATM, or POS cards as a payment method, you need to know what PCI is and adhere to PCI DSS. What is PCI compliance, and what does it take to be PCI compliant? PCI is the abbreviation of Payment Card Industry, and DSS stands for Data Security Standard. The latter regulates the way credit/debit cards are processed to make sure that customers' card credentials are secure during transactions. All retailers accepting credit/debit cards should be PCI compliant, regardless of the size of their business or the industry they are in.

Why Should E-commerce be PCI Compliant?

Payment Card Industry Data Security Standard (PCI DSS) is a data…

The Primary Goals of PCI DSS

1. To build and maintain a strong and secure network
2. To safeguard cardholder information
3. To maintain a vulnerability management program
4. To enforce strong access control measures
5. To monitor and test networks on a regular basis
6. To maintain an information security policy

The Twelve Core Requirements for PCI Compliance for Businesses

1. Should install and maintain a firewall configuration to safeguard cardholder information
2. Should not use vendor-supplied defaults for system passwords and other security parameters
3. Should safeguard stored cardholder credentials
4. Should encrypt transmission of cardholder information across open, public networks
5. Should use and regularly update antivirus software
6. Should develop and maintain secure systems and apps
7. Should restrict access to cardholder credentials by business need to know
8. Should assign a unique ID to each person with system access
9. Should restrict physical access to cardholder information
10. Should keep tabs on all access to cardholder data and network resources
11. Should test security systems and processes
12. Should encrypt all non-console admin access
13. Should allow remote access to the payment app

Payment Terminals for Businesses

To process online payments, retailers need to secure both the website that captures the customer's card data (the checkout area) and the website accepting the card payment (the payment processor). Transactions are done via a payment gateway, which is the equivalent of the POS terminal for physical stores. A payment gateway is an e-commerce application service provider (ASP) that authorizes online payments. Payment gateways, such as PayPal's PayFlow, safeguard credit/debit card data by encrypting the information so that it passes safely between vendor, customer, and payment processor. This is accomplished via Secure Sockets Layer (SSL) encryption. Therefore, payment gateways should ensure this data transfer mechanism is safe and adhere to PCI DSS and PA-DSS for online, offline, and phone orders.

Online Store Platforms That Should be PCI Compliant

Even if a retailer's payment gateway is certified under PA-DSS, the shopping cart checkout should also be PCI compliant. Why? Because this is the area where customers enter their card details before the data is transferred to a payment gateway. Therefore, PCI compliance is
