Wiki describes the PCI DSS as “the standard created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is done annually — by an external Qualified Security Assessor (QSA) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.” In simpler terms, the Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. It protects your personal information from falling into the hands of hackers.
The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express, to help protect consumers’ security. There are six major objectives that PCI DSS aims to accomplish.
First, a secure network must be maintained in which transactions can be conducted. This requirement involves the use of firewalls and trust seals that are strong enough to be effective without causing undue inconvenience to cardholders or vendors. Specialized firewalls are available for wireless LANs, which are highly vulnerable to eavesdropping and attacks by malicious hackers.
Second, cardholder information must be protected wherever it is stored. Security trust seals and penetration testing are crucial to having your personal information remain secure. Digital encryption is important in all forms of credit-card transactions, but particularly in e-commerce conducted on the Internet.
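As an added illustration, not part of the original post, of how stored cardholder data is rendered unreadable: the Python below rejects malformed card numbers, masks a PAN for display (at most the first six and last four digits visible) and derives a keyed one-way token for lookups. The sample PAN and the key are constructed test values.

```python
import hashlib
import hmac

# Constructed test values: a Luhn-valid test number, not a real account,
# and a demo key. In production the key lives in a key-management system,
# never beside the data it protects.
SAMPLE_PAN = "4111111111111111"
SAMPLE_KEY = b"constructed-demo-key"


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test so obviously malformed PANs are rejected early."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: first six and last four digits, everything else masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def tokenize_pan(pan: str, key: bytes) -> str:
    """Keyed one-way token (HMAC-SHA256) usable as a lookup key.

    An unkeyed hash would be reversible by enumerating the small PAN space;
    the secret key is what makes the token safe to store."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def store_record(pan: str, key: bytes) -> dict:
    """Build the record that is persisted: no full PAN, only mask and token."""
    if not luhn_valid(pan):
        raise ValueError("invalid PAN")
    return {"masked": mask_pan(pan), "token": tokenize_pan(pan, key)}
```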
Third, systems should be protected against the activities of malicious hackers by using frequently updated anti-virus software, anti-spyware programs, and other anti-malware solutions like those offered by Trust Guard. All applications should be free of bugs and vulnerabilities that might open the door to exploits in which cardholder data could be stolen or altered.
Fourth, access to system information and operations should be restricted and controlled. Cardholders should not have to provide information to businesses unless those businesses must know that information to protect themselves and effectively carry out a transaction. Every person who uses a computer in the system must be assigned a unique and confidential identification name or number.
Fifth, networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, are functioning properly, and are kept up-to-date. Network security is essential to staying successful and free of hackers.
Sixth, a formal information security policy must be defined, maintained, and followed at all times and by all participating entities. Enforcement measures such as audits and penalties for non-compliance may be necessary.
PCI DSS was created to keep our online information safe and secure, away from hackers and viruses.