Filed under: Around the Web
Tags: pci, security
- Encrypt cardholder data.
- Use products that are approved for the PCI standard.
- Understand the concept of compensating controls.
- Organize PCI compliance as an on-going, cross-functional project–not as a one-time event.
- Understand your cardholder information business process from end to end.
- Take the time to read and understand the PCI Data Security Standard.
- Store unnecessary cardholder data beyond receiving the authorization code.
- Be lulled into thinking that you would not be a target for criminals.
- Try to create your own crypto solutions.
- Assume your vendor is protecting you.
Some good reads around the web on PCI compliance:
Four PCI Mistakes to Avoid
1 – Treating PCI as a technology checklist
Many organizations think of PCI as a checklist of things they must do periodically to satisfy the auditors. They do the minimum once, document it, and give the resulting report to the auditors. Instead, organizations need to make PCI a continuous part of their normal operations, which dramatically lowers the risk of exposing cardholder data and of the problems and liabilities that would follow.
M1 – PCI just doesn’t apply to us … Myth: PCI just doesn’t apply to us, because… • “… we are small, a University, don‟t do e-commerce, outsource “everything”, not permanent entity, etc” Reality: PCI DSS DOES apply to you if you “accept, capture, store, transmit or process credit and debit card data”, no exceptions! At some point, your acquirer will make it clear to you!
Top 10 mistakes in PCI compliance
As more ISOs and acquiring banks initiate programs mandating Level 4 merchant compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), they are coming face to face with a harsh reality: It’s one thing to establish a PCI compliance policy to help prevent theft of cardholder data. It’s quite another to bring your small and mid-sized merchants on board.
** Do’s and Don’ts (source: http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1257098,00.html)No Comments »