A Methodical Approach to PCI Compliance

2008-04-28
Article by Andy Eliason

The PCI DSS, or Payment Card Industry Data Security Standard, is a set of standardized requirements that merchants (and any other entity) who store, process, or transmit cardholder data must adhere to. These requirements can be complex and time consuming, but if you take a more methodical approach to PCI compliance, some of those mandated procedures might not be so bad.

The first step is to analyze your priorities. How important is PCI compliance to you? But before you answer that question, you need to understand some of the recent happenings in the payment card industry.

More and more, stories of security breaches are reaching the public notice. The poster child for huge losses of sensitive information is the TJX company. Beginning in July of 2005, attackers spent nearly 18 months exploiting weaknesses in TJX's systems and stealing tens of millions of payment card numbers before the intrusion was detected.

The financial damage to TJX has been estimated in the hundreds of millions of dollars by some analysts. The damage to its reputation, on the other hand, is no less detrimental to the company, even if it is a little harder to put an exact figure on.

So, have you properly prioritized PCI compliance? It's a number one priority now? Good. Let's move on.

The next step is to identify the people in your company who will be responsible for PCI compliance measures. Assemble this team and make sure they understand their responsibilities. There has to be a dedicated person (or team) to oversee the compliance procedures or it will not get done. Let's face it, responsibilities that are not specifically assigned are very easily shifted around until no one knows who was supposed to do what, or when it was supposed to be done.

You must then determine your merchant level. There are four levels, assigned by each card brand according to the volume of transactions your company processes per year. All twelve PCI DSS requirements apply at every level; what changes with the level is how you must validate compliance, for example whether an annual on-site assessment by a Qualified Security Assessor (QSA) is required or a Self-Assessment Questionnaire (SAQ) is sufficient. Check the level definitions with your acquiring bank, since the brands' thresholds differ and the acquirer ultimately decides which level applies to you.

Once these items have been addressed, you need to make sure that everyone in your organization is aware of your information security policy and that it is strictly enforced. This is, in fact, one of the specific requirements of PCI compliance.

Specifically, requirement 12 states that merchants must: "Maintain a policy that addresses information security." The reason for this requirement is simple. The strictest measures in the world don't mean much if the individual employees in the company don't understand the sensitive nature of the information they are supposed to protect, and their own responsibilities toward it.

This requirement encompasses practices such as developing daily operational security procedures, developing usage policies (how and when to access networks, what technologies employees may use, etc.), maintaining an incident response plan, and making sure that all employees and contractors understand these policies and formally acknowledge them.

Next, as you come closer to PCI compliance you will likely discover many areas where your security procedures are somewhat lacking. Address these issues immediately and employ the necessary corrective measures, tracking each gap to closure rather than leaving it as a finding on paper.

Finally, you are going to want to record and document all your self-assessments, scans, and follow-up activities for later use. For full PCI compliance you will be required to validate your compliance with the Payment Card Industry Data Security Standard, typically through the SAQ or on-site assessment appropriate to your merchant level plus quarterly external vulnerability scans by an Approved Scanning Vendor (ASV), and properly kept records will make this process much easier.

The 12 requirements of the PCI DSS can, at times, seem overwhelming and overly complex. Because of that, many merchants are postponing their work toward PCI compliance. Yet, given the dangers of security breaches and the damage they can do to your finances and reputation, there really is no excuse for extended procrastination. A simple, methodical approach to compliance with the PCI DSS is all it takes to get things started.
