March 16, 2010

Payment processing in Canada: PCI DSS, part 1


PCI DSS and credit card payment processing

The Payment Card Industry Data Security Standard (PCI DSS) is the major regulatory change that you are likely to face this year. We recently provided an overview of PCI DSS. In this article, we’ll discuss it in more detail.

What is PCI DSS?

The PCI Security Standards Council developed PCI DSS to increase data security in credit card payment processing. The PCI DSS applies to all organizations that transmit, process, or store credit card data. Note that while the PCI Security Standards Council developed PCI DSS, the regulations are actually enforced by credit card associations like Visa, MasterCard and American Express.

The PCI DSS has six “control objectives” that include a total of 12 compliance requirements. According to the PCI Security Standards Council, the control objectives are:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security.

In our next article, we’ll discuss how PCI DSS can affect your business.
