This post lists some valuable PCI (Payment Card Industry) compliance tips and links to more helpful information and resources.
"The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands." http://en.wikipedia.org/wiki/PCI_Compliance
- Always encrypt cardholder data with 256 bit encryption.
- Use third-party products and services that are approved for the PCI standard, such as HackerGuardian or McAfee HackerSafe.
- Understand the concept of compensating controls.
- Plan and manage your PCI compliance strategy as an ongoing, cross-functional project, not as a one-time event.
- Understand your cardholder information and the technical process from end to end.
- Take the time to have your IT team understand the PCI Data Security Standard.
Common mistakes to avoid:
- Storing unnecessary cardholder data beyond receiving the authorization code.
- Thinking that you would not be a target for criminals.
- Trying to create your own crypto solutions or patch together a compliance strategy.
- Assuming your vendor or supplier is adequately protecting you.
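The three technical tips above (encrypt cardholder data with a 256-bit key, store nothing you do not need once the authorization code is back, and use standard cryptography rather than your own) fit together in one small routine. The following is an added example written for this post, not code from the author or from any PCI-approved product. It uses Go's standard library AES-256-GCM, keeps only a masked PAN and the authorization code by default, encrypts the full PAN only when a business reason is flagged, and never copies the CVV into the stored record. The `Authorization`, `StoredRecord` and `StoreAfterAuth` names are hypothetical, and the key in `main` is a placeholder standing in for one fetched from a key-management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

const keyLen = 32 // 256-bit AES key

// Authorization is what comes back from the processor (hypothetical shape).
// CVV is sensitive authentication data and must not be persisted after authorization.
type Authorization struct {
	PAN      string
	CVV      string
	AuthCode string
}

// StoredRecord is the only thing written to the merchant's database.
type StoredRecord struct {
	MaskedPAN string
	AuthCode  string
	PANCipher []byte // nonce || ciphertext || tag, AES-256-GCM; nil unless full PAN is needed
}

// MaskPAN keeps the first six and last four digits, which is the usual display form.
func MaskPAN(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 {
		return "", errors.New("invalid PAN length")
	}
	for _, c := range pan {
		if c < '0' || c > '9' {
			return "", errors.New("PAN must contain only digits")
		}
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:], nil
}

// EncryptPAN seals the PAN with AES-256-GCM under a fresh random nonce.
func EncryptPAN(key []byte, pan string) ([]byte, error) {
	if len(key) != keyLen {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce so one blob carries everything.
	return gcm.Seal(nonce, nonce, []byte(pan), nil), nil
}

// DecryptPAN reverses EncryptPAN and fails on any tampering (GCM tag check).
func DecryptPAN(key, blob []byte) (string, error) {
	if len(key) != keyLen {
		return "", errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// StoreAfterAuth builds the record to persist. The CVV is deliberately dropped,
// and the full PAN is kept (encrypted) only when needFullPAN is true.
func StoreAfterAuth(key []byte, a Authorization, needFullPAN bool) (StoredRecord, error) {
	masked, err := MaskPAN(a.PAN)
	if err != nil {
		return StoredRecord{}, err
	}
	rec := StoredRecord{MaskedPAN: masked, AuthCode: a.AuthCode}
	if needFullPAN {
		if rec.PANCipher, err = EncryptPAN(key, a.PAN); err != nil {
			return StoredRecord{}, err
		}
	}
	return rec, nil
}

func main() {
	key := make([]byte, keyLen) // placeholder: a real key comes from a KMS/HSM, never from source code
	auth := Authorization{PAN: "4111111111111111", CVV: "123", AuthCode: "A1B2C3"} // constructed sample
	rec, err := StoreAfterAuth(key, auth, false)
	fmt.Println(rec.MaskedPAN, rec.AuthCode, rec.PANCipher == nil, err)
}
```

The point of the shape is that the database row type cannot hold a CVV at all, and the encrypted PAN is an opt-in field, so "storing unnecessary cardholder data" becomes a type error rather than a policy you have to remember.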
About the Author
Tony Tullio is a veteran of the interactive business and Director/Founder at Inorbital, always looking for great web apps and useful websites. Let us know what you think about this topic in the comments.