PCI Compliance - Cheat Sheet

A bit of background regarding PCI compliance - as credit card use has become more widespread both offline and online, and as consumer concern about security has understandably grown, the credit card industry has made an effort to ensure that sensitive information is protected. To that end, in September 2006, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) formed the PCI Security Standards Council (SSC) and established a set of rules for what they called PCI compliance. Which of these rules a business must follow depends on its size and the number of credit card transactions it handles; followed properly, they help protect consumers' data from theft.

The Rules in a Nutshell

There are six major categories within the standards established by the PCI SSC, which are as follows:

– Build and maintain a secure network
– Protect cardholder data
– Maintain a vulnerability management program
– Implement strong access control measures
– Regularly monitor and test networks
– Maintain an information security policy

Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Where to Find More Info

Each requirement for PCI compliance is broken up into a variety of subsections that go into detail about the process; the full list can be viewed at www.pcicomplianceguide.org.

Section 6.6 is one of the most important subsections regarding web application security, because it is coming under scrutiny as of July 2008.
