If you store, process, or transmit cardholder data you must be compliant by July 1, 2010 with the PCI-DSS requirements. PCI-DSS stands for Payment Card Industry Data Security Standards. Within 90 days, requirements established by the five major credit card networks including: American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International, will affect many businesses’ ability to accept credit cards.
PCI-DSS is a set of requirements for enhancing payment account data security. Its standards include requirements for security management, policies, procedures, network architecture, software design, and other measures created to protect customer account data. There are 12 requirements that fall into six categories:
1. Build & maintain a secure network:
- Build and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
2.Protect Cardholder Data:
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
3. Maintain a vulnerability management program:
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
4. Implement strong access control measures:
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
5. Regularly monitor and test Networks:
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
6. Maintain an information security policy:
- Maintain a policy that addresses information security.
So, how many of the above Regulations have you implemented?
Did You Know???
Already implemented, in MAS90/MAS200, are inherent security features that provide the following features:
- All credit card information is stored securely, encrypted through the use of algorithms.
- Credit card transactions can be closely monitored via the Credit Card Log, which can be printed and/or purged.
- Access to Credit formatted credit card information in inquiry or on printed reports can be determined by User, in User Maintenance.
- Additional security is available via Role Maintenance.
- MAS90/MAS200 has the capability of clearing expired credit cards during Period End Processing or via manual Utility menu item.
(Remember: ONLY MAS90/200 versions currently in compliance with PCI-DSS Standards are MAS90/200 Versions 18.104.22.168 and 4.4.0.01)
For more information, log on to https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
The web site includes FAQ’s, Hot Topics, most recent articles and a PCI-DSS Self Assessment Questionnaire.