PCI Fast Facts and Tips

Nov 22, 2010

This post lists some valuable PCI (Payment Card Industry) compliance tips and links to more helpful information and resources.

"The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands." http://en.wikipedia.org/wiki/PCI_Compliance
Ensure:
  • You always encrypt cardholder data with 256-bit encryption.
  • Use third-party products and services that are approved for the PCI standard, such as HackerGuardian or McAfee HackerSafe.
  • Understand the concept of compensating controls.
  • Plan and manage your PCI compliance strategy as an ongoing, cross-functional project, not as a one-time event.
  • Understand your cardholder data and the technical process from end to end.
  • Take the time to have your IT team understand the PCI Data Security Standard.
Avoid:
  • Storing unnecessary cardholder data after receiving the authorization code.
  • Thinking that you would not be a target for criminals.
  • Trying to create your own crypto solutions or patch together a compliance strategy.
  • Assuming your vendor or supplier is adequately protecting you.
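As an added example (not code from the original post) of the "don't store unnecessary cardholder data" tips above: the functions below build the minimal record to keep once the authorization code arrives, report any sensitive authentication data (CVV, track data, PIN block) still present in a record, and scan persisted text for full PANs that leaked into storage. The checkout payload and log line are constructed sample data using the common 4111... test card number; the encryption tip is not covered here.

```python
import re

# Constructed checkout payload: the CVV is sensitive authentication data, which
# PCI DSS forbids storing once the authorization code has been received.
SAMPLE_CHECKOUT = {"pan": "4111 1111 1111 1111", "expiry": "12/14", "cvv": "123",
                   "auth_code": "A1B2C3", "amount": "12.50"}
# Constructed application log line in which a full PAN has leaked into storage.
SAMPLE_LOG_LINE = "2010-11-22 order=123456789012 pan=4111 1111 1111 1111 auth=A1B2C3"

SENSITIVE_AUTH_FIELDS = {"cvv", "track_data", "pin_block"}  # never persist these
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digit runs


def luhn_valid(digits: str) -> bool:
    """Luhn check used by card PANs; filters order ids and timestamps out of scans."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncate to first six and last four digits, the form PCI DSS allows to be kept."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sensitive_fields_present(record: dict) -> set:
    """Return the sensitive authentication data keys a record still carries."""
    return set(record) & SENSITIVE_AUTH_FIELDS


def post_auth_record(checkout: dict) -> dict:
    """Build the only record to persist after authorization: an allowlist, not a blocklist."""
    return {"masked_pan": mask_pan(checkout["pan"]), "expiry": checkout["expiry"],
            "auth_code": checkout["auth_code"], "amount": checkout["amount"]}


def find_stored_pans(text: str) -> list:
    """Scan persisted text (logs, dumps, backups) for Luhn-valid full PANs."""
    hits = []
    for match in PAN_PATTERN.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits
```

Running find_stored_pans over log archives and database exports is a cheap way to catch cardholder data that a vendor integration or debug logging quietly retained.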

About the Author

Tony Tullio

Tony Tullio is a veteran in the interactive business and Director/Founder at Inorbital, and is always looking for great web apps and useful websites.