Payment security is a topic that often gains headline attention for companies when they least want it. Security breaches leading to the exposure of sensitive private customer data seem to emerge at least once a quarter from payment processors, merchants and even banks. If your business accepts electronic payments or stores customer payment card data within your infrastructure, security is paramount, and the payment card industry has gone so far as to establish its own standards to guide organizations that store account and transaction data.
The PCI-DSS or Payment Card Industry Data Security Standard was established and is maintained by leading security authorities from the payment card networks including Visa, MasterCard, Discover and American Express. The standard provides information security guidance and an auditable checklist of measures for organizations to protect this sensitive data. The 12 primary requirements cover six major objectives: network security, sensitive data encryption (must be protected wherever it is stored), anti-virus/spyware/malware protection on systems, limited access to systems hosting or processing sensitive data, on-going network security monitoring and the establishment & maintenance of a formal security policy. The detailed standard is available here: https://www.pcisecuritystandards.org.
Depending on the number of processed transactions in your organization, sets of standards have been put in place for implementation with audit requirements ranging from a self-assessment to formally required reviews by a Qualified Security Assessor (QSA) that after evaluating your organization’s practices, procedures and infrastructure issues a Report on Compliance (ROC) giving their assessment and suggesting remedies where needed. A list of QSA’s is available here: https://www.pcisecuritystandards.org/approved_companies_providers/qualified_security_assessors.php.
You may not be hosting this sensitive data internally, but if you are currently or are considering doing business with an external payment services provider that would be housing payment data on your behalf, check out Visa’s list of certified providers here: http://www.visa.com/splisting.
Most importantly, in order to maintain full PCI-DSS compliance, regular Network, Application, Process and Policy audits must be conducted on a regular basis to ensure the security standard implemented at your company is performing on an optimum level and that no security vulnerabilities have been introduced or left undetected.
For more information about secure payment standards, contact Superior Technology Solutions. We look forward to sharing our extensive technology background with your organization. For more information, visit us on the web at www.SuperiorTechnology.com or call us at 845-735-3555.
Comments are closed.