My Merchant Account Blog
You can now contact us at 888-928-5280 ext 822
Winning the PCI Compliancy War
Wednesday, December 03, 2008
A lot of merchants hear PCI DSS (Payment Card Industry Data Security Standard) and figure they don't have anything to worry about. Unfortunately that is not the case. Every merchant needs to start reading and learning about PCI.Let's start with just the basics and later we can talk about the requirements. MasterCard created their own plan called Security Data Protection (SDP). Visa actually had two programs: (international) Account Information Security (AIS) and Cardholder Information Security Plan (CISP). In 2006, five card associations (payment brands) including Visa International, MasterCard, JCB, Discover Financial Services, and American Express came together to jointly form the PCI Security Standards Council.
The PCI DSS requirements apply to merchants, network members, and service provider that store, hold, process, or transmit cardholder data. There are twelve requirements divided into six categories:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Approved Scanning Vendors
Approved Scanning Vendors (ASV) can complete the quarterly scan for your company. Only choose a vendor that is listed Approved Scanning Vendors web page. Otherwise, you might compromise your data or the scan will not be accepted by the council. The scan requirements are quite rigid - all 65,535 ports will be scanned. Any vulnerability that is rated between three to five must be fixed. You will also get two reports:- An executive summary report with a PCI approved compliance statement suitable for submission to acquiring banks for validation
- A technical report that details all vulnerabilities detected with solutions
Selecting a PCI Network Security Testing Service
While there are a number of Approved Scanning Vendors listed, there are three critical things to look for when choosing a company:- Accuracy: False positives can increase the activities and costs that are associated with these false positives (and even false positives). You do not want the company to generate a large number of false positives / false negatives that will increase the amount of time you have to work through each issue.
- Efficient Vulnerability Remediation Process: The company should offer technical support to fix each issue found.
- Automated Report Preparation and On-Line Filing: This will reduce your work and time you spend on getting PCI compliance if the company offers automatic preparation and electronically filing.
Complying with PCI DSS
While the card organizations came together to help form the PCI DSS council to help set the standards, each card association (brand) has its own security program for compliance:- MasterCard Worldwide: Standard Data Protection (SDP)
- American Express: Data Security Operating Policy (DSOP)
- Discover Financial Services: Discover Information Security & Compliance (DISC)
- Visa Incorporated: Cardholder Information Security Program (CISP)
- JCB International: JCB Data Security Program
Comments
Search My Merchant Account Blog
My Merchant Account Blog Categories
- Chargebacks (20)
- Electronic Payment Gateways (7)
- In The News (11)
- LinkPoint Gateway (4)
- Merchant Account Fees (23)
- Merchant Account Terminology (80)
- Merchant Accounts (34)
- Miscellaneous (20)
- PCI DSS (14)
- Quantum Gateway (8)
- Security (8)
- Web Hosting and Design (7)
My Merchant Account Blog Archives
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- October 2010
- August 2010
- July 2010
- January 2010
- December 2009
- September 2009
- August 2009
- May 2009
- April 2009
- January 2009
- December 2008
- September 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
My Merchant Account Blog Recent Entries
- Visa Chargeback Reason Code 75 - Transaction Not Recognized
- Visa Chargeback Reason Code 74 - Late Presentment
- Visa Chargeback Reason Code 73 - Expired Card
- Visa Chargeback Reason Code 72 - No Authorization
- Visa Chargeback Reason Code 71 - Declined Authorization
- Visa Chargeback Reason Code 62 - Counterfeit Transaction
- Visa Chargeback Reason Code 60 - Illegible Fulfillment
- Visa Chargeback Reason Code 57 - Fraudulent Multiple Transactions
- Visa Chargeback Reason Code 41 - Cancelled Recurring Transaction
- PCI Compliance - A Review of Consumer Benefits
About My Merchant Account Blog
My Merchant Account Blog SiteMap
Sign Up for an Internet Merchant Account
Get a Merchant Account today - No Contracts, No Termination Fees
Merchant Account
Resources Directory
Check out the new
Merchant Account Resources Directory
Feel Free to submit you link!
My Merchant Account Blog SiteMap
- Main SiteMap
- Merchant Account
- Electronic Payment Gateways
- Merchant Account Fees
- Merchant Account Terminology
- Quantum Gateway
- LinkPoint Gateway (even though rebranded ad the First Data Global Gateway, it still has a lot of faults and extra charges, we recommend the Quantum Gateway)
- Security
- PCI DSS
- In The News
- Miscellaneous
- Chargebacks
- Web Hosting and Design
Publishers
- Corey R Bryant
- Charles Summerfield
- Randy Goldblum
- Alexander Glasso
If you would like to publish a unique article on My Merchant Account Blog, please contact us.