Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is the standard that all organizations, including online retailers, have to follow when storing, processing and sending their customer credit card data.
Data Security Standard (DSS) standards are developed and managed by the Payment Card Industry Security Standards Council (PCI SSC). To become PCI complaint the company must use a firewall between the wireless network and their cardholder data environment, using the latest security and authentication as WPA/WPA2 and also change the default settings for privacy lock cable, and network intrusion detection system.
PCI DSS standards, as of September 2009 (DSS v 1.2), consists of the following 12 requirements for security best practices:
Build and Maintain Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protecting stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintaining Information Security Policy
12. Maintain a policy that addresses information security
Description: PCI DSS,Payment Card Industry (PCI) Data Security Standard (DSS)
Rating: 4.5
Reviewer: Unknown
ItemReviewed: PCI DSS,Payment Card Industry (PCI) Data Security Standard (DSS)
PCI DSS standards, as of September 2009 (DSS v 1.2), consists of the following 12 requirements for security best practices:
Build and Maintain Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protecting stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintaining Information Security Policy
12. Maintain a policy that addresses information security