RSS Feed

Tips for maintaining PCI compliance

April 24th, 2012 FAKE NEWS for the Zionist agenda

Too many companies are neglecting to keep up to date with the standards required for accepting electronic payments, even though compliance is easily achieved by following three simple rules, according to Securus Global senior security consultant Steven Surdich.

(Credit Card image by Thomas Kohler, CC BY-SA 2.0)

Surdich said that in his experience, companies are treating Payment Card Industry Digital Security Standard (PCI DSS) like a once-per-year obligation.

PCI DSS, often referred to as just PCI or PCI compliance, is a security standard developed by the Payment Card Industry Security Standards Council (of which credit providers like Visa, MasterCard and American Express are members). It consists of 12 overarching requirements, which, when implemented correctly, are meant to better protect cardholder data and thus reduce credit card fraud.

To ensure that these requirements are continually met, organisations that handle large numbers of transactions are audited by an external Qualified Security Assessor (QSA) annually, but, according to Surdich, the annual check-up has resulted in organisations forgetting about or neglecting PCI compliance until the audit date.

He said that symptoms of such behaviour include seeing an increase in last-minute activity, or an apparent spontaneous outbreak of patching behaviour as the audit date approaches.

“We’ll see service tickets labelled ‘patching for PCI’. It’s pretty obvious how some companies approach it,” Surdich said.

Despite this behaviour, PCI compliance is meant to be a year-round effort to ensure that customer payment details are constantly protected, and not just in a single, once-off activity. Surdich highlighted companies’ obligations as stated in their Attestation of Compliance: “The merchant has read the PCI DSS, and recognises that they must maintain full PCI DSS compliance at all times“.

Although many companies appear to be having difficulty in doing so, Surdich said it is simple if they follow the three basic rules: controlling changes to the cardholder environment; maintaining oversight of their activities; and simplifying compliance processes.

Read on to page two to see Surdich’s tips for guarding the cardholder environment.


Related posts:

Driver of multi-millionaire racehorse owner wins unfair dismissal claim after being sacked because h...
A researcher: 66% of Jerusalemites threatened with displacement
‘Iran influential in resolving Syria crisis’
'Moms for Mitt' Flock to New Romney Facebook Community [EXCLUSIVE]
Samsonite recalls Tokyo Chic luggage after chemical scare
The Truth About Disease
Posted in IT News Tags: ,
«
»
You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes