Saturday, July 28, 2012

PCI Compliance Standards Protect Your Customers

By Kate Bailey


We are in the midst of a 'shop online' trend explosion. Internet retailers are continuously reinventing how we, the customers, shop online. Whether it is via our mobile devices, PCs, or in-store kiosks, there is a myriad of new options for transacting business that carry both positive and negative implications for consumers and for the retailers themselves. We need to know that our online stores are following the PCI Data Security Standard (PCI DSS) that governs how payment card data is handled.

According to the PCI Security Standards Council, the PCI DSS consists of 12 requirements grouped under six security goals: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy. The major payment card brands, Visa and Mastercard, define four merchant compliance levels based on annual transaction volume. The two highest levels, which carry the heaviest validation requirements, are summarized below along with the action items for each.

Level 1: Your company processes over 6 million Visa and/or Mastercard transactions per year. This level requires an annual on-site assessment, performed by a Qualified Security Assessor (QSA) or by an internal auditor, producing a Report on Compliance, plus quarterly network scans by an Approved Scanning Vendor (ASV). Level 2: You process 1 million to 6 million Visa and/or Mastercard transactions per year. You must complete a Self-Assessment Questionnaire (SAQ) annually, and this level also requires quarterly network scans by an ASV.

You may be wondering what compliance actually translates to in your business. It could mean completing self-assessment questionnaires to confirm that your company is on track, or it could mean masking card numbers and removing expiration dates from printed receipts, since the full primary account number (PAN) must never be displayed where it is not needed. Quarterly vulnerability scans scout out weaknesses in your systems and pinpoint troublesome areas. Perhaps your company needs to install new card-processing equipment (PIN entry devices) that supports Triple DES PIN encryption. Full compliance is an ever-changing task for businesses that needs steady attention; it is not a one-time achievement.
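The receipt-masking action item above is one of the few places where a concrete technique is involved, so here is an added worked example (not code from the original article or from the PCI Security Standards Council). It finds candidate card numbers in free text, confirms them with the Luhn check so that order numbers of similar length are left alone, masks every digit but the last four, and blanks expiration dates. The receipt text and the card numbers in it are constructed for the example; the card numbers are the well-known public test PANs, not real accounts. The same scrubber is useful for scanning application logs for leaked PANs.

```python
import re

# Constructed sample receipt for the example. The two card numbers are the
# public test PANs commonly used in payment integration testing, not real cards.
# The order id has 16 digits too, but fails the Luhn check and must survive.
SAMPLE_RECEIPT = (
    "Thank you for shopping!\n"
    "Card: 4111 1111 1111 1111 Exp: 12/25\n"
    "Card: 5555555555554444 Exp 01/26\n"
    "Order: 1234567890123456 (order id, not a card)\n"
)

# 13-19 digits, optionally separated by single spaces or dashes, not glued to
# other digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Expiration date in MM/YY form immediately after an "Exp" label.
EXP_RE = re.compile(r"(Exp:?\s*)(0[1-9]|1[0-2])/(\d{2})\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers (digits only) found in the text."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def _mask_match(m) -> str:
    """Replace a Luhn-valid PAN with asterisks, keeping only the last four digits."""
    raw = m.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw              # not a card number: leave it untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def scrub_receipt(text: str) -> str:
    """Mask PANs to their last four digits and blank expiration dates."""
    masked = PAN_RE.sub(_mask_match, text)
    return EXP_RE.sub(r"\1**/**", masked)


if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_RECEIPT))
    print(scrub_receipt(SAMPLE_RECEIPT))
```

Showing only the last four digits is the conservative choice for a customer copy; PCI DSS permits at most the first six and last four to be displayed, and only where there is a documented business need to see the issuer prefix.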

When you stay compliant, you are part of the solution: a united, global response to fighting payment card data compromise. Compliance has indirect benefits as well. Through your efforts to comply with the PCI DSS, you will likely be better prepared to comply with other regulations as they come along, such as HIPAA, SOX, and the like.






