Safeguarding Cardholder Data Through PCI Compliance

The safety of consumer card account information is critical for the success of eCommerce businesses. Before they order products and services online, consumers want to be sure that their account information is safe and will not be compromised and misused. To address this need, the Credit Card Associations joined forces to create a program that spells out the procedures that eCommerce merchants must implement in their organizations in order to protect sensitive personal data.

All merchants are required to comply with the requirements set forth in the Payment Card Industry (PCI) Data Security Standard (DSS). The Standard is a result of a collaboration between Visa and MasterCard to create common industry security requirements for the protection of sensitive cardholder information. Other credit card companies have endorsed the Standard within their own programs.

The PCI consists of twelve basic requirements, grouped into seven standards.

- Build and Maintain a Secure Network:
1. Install and maintain a firewall to protect data.
2. Do not use vendor-supplied passwords and other security parameters.

- Protect Cardholder Data:
1. Protect stored data.
2. Encrypt transmission of cardholder data and sensitive information across public networks.

- Maintain a Vulnerability Management Program:
1. Use and regularly update anti-virus software.
2. Develop and maintain secure applications.

- Implement Strong Access Control Measures:
1. Restrict access to data on a need-to-know basis.
2. Assign a unique ID to each person with computer access.
3. Restrict physical access to cardholder data.

- Regularly Monitor and Test Networks:
1. Track and monitor all access to network resources and cardholder data.
2. Regularly test security systems and processes.

- Maintain an Information Security Policy:
1. Maintain a policy that addresses information security.