The Payment Card Industry (PCI) Data Security Standard (abbreviated DSS) offers a collection of objectives for securing the information systems involved in handling transaction or card payment data. It was founded in 2004 by the combined efforts of five credit card companies: Visa, MasterCard, JCB International, Discover and American Express. These companies combined their individual data security efforts to create a generalized standard for all organizations that use their payment cards. The result is a worldwide standard for payments that make use of card data. It is the Standards Security Council of the PCI which manages the oversight of the standard and its implementation. Version 1.2 of PCI DSS came into prominence in October 2008. Briefly, PCI DSS requires companies to build and maintain a secure network by making use of firewall configurations and safe passwords, protect cardholder data in transmission and storage, manage system vulnerabilities by making use of secure applications and architectures, implement strict control measures for access to cardholder data, frequently monitor and test security processes and network resources, and maintain an information policy.

The main aim of PCI DSS is to reduce payment card fraud and to bring down the cost of mitigating the associated risks for the institutions concerned. According to the British Survey of the Crime Report, the costs associated with payment card fraud amounted to about $960 million, which was more than 40% higher than recorded the previous year, affecting 6.5% of card owners. Identity theft resembling credit card fraud affected about 2 per 10,000 people in the UK, while the figure was 30 per 10,000 people in the US.
In most cases merchants bear direct responsibility for such fraud and hence face serious penalties, as well as the clean-up costs incurred in repairing the loss of cardholder data. Even if such costs are ultimately passed on to customers, the financial setbacks are grave, and the resulting loss of customer trust in careless firms can at times be incalculable. All service providers and merchants who accept payment cards branded by the participating card companies have to comply with PCI DSS. Companies that do not comply face daily fines until their inadequacies are rectified or until the specific brand decides on a logical compliance plan that can be accepted. The policies of the individual companies vary according to their customers. Firms with a small number of card transactions per year may or may not be required to document their compliance formally, whereas bigger firms necessarily require an online audit. Moderate-sized firms can document their compliance via the Self-Assessment Questionnaire (SAQ). Today, with the high financial gains of hackers and the security of data being serious concerns for the card payment industry, compliance with the PCI information standards, backed by technical support, is a must.