Payment Card Security Compliance

Credit card transactions have become a frequent target of fraudulent misuse. Following a wave of cardholder data compromises, industry, regulators and legislators have increased their focus on information security. Five payment brands (American Express, Discover, JCB, MasterCard, and Visa) joined together to create and support the following industry security standards, to encourage the broad adoption of consistent information security controls for protecting cardholder data on a global basis:

- Payment Card Industry (PCI) Data Security Standard (DSS)
- Payment Application – Data Security Standard (PA-DSS)

The PCI DSS is a common set of internationally applicable security requirements designed specifically to protect stored cardholder data and to minimize the risk of unauthorized intrusion or account compromise. Merchants and payment service providers that store, process, or transmit credit card information must meet all of the requirements of the PCI DSS to achieve compliance with the standard. The PCI DSS focuses on 12 different areas of security, including network segmentation, default settings, data encryption, secure network communications, anti-virus software, the software development life cycle (SDLC), access restrictions, user authentication, physical security, event logging, testing and auditing of systems, and policies and procedures. The standard is based on general information security best practices; the key difference is that it focuses specifically on cardholder data and the environment that handles it.

The PA-DSS applies to organizations that develop payment applications which store, process, or transmit cardholder data as part of authorization or settlement, where those applications are sold, distributed, or licensed to third parties. The primary goal of the PA-DSS is to help these organizations develop secure payment applications that do not store prohibited data (e.g. full magnetic stripe, CVV2 or PIN data) and that support their customers' compliance with the PCI DSS.

For more information see https://www.pcisecuritystandards.org/
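The PA-DSS requirement above, that a payment application must never persist full magnetic-stripe, CVV2 or PIN data after authorization, is the one concrete engineering control described on this page. The Python below is an added example, not code from the page or from the PCI Security Standards Council: it strips those prohibited fields from a transaction record before it is written, and scans free text such as application log lines (a common place for swipe data to leak via debug output) for magnetic-stripe track data. The field names, the sample record and the sample log lines are constructed for this example; the Track 1 / Track 2 layouts and the Luhn check are the standard card formats.

```python
"""Added example: keep PA-DSS prohibited data (full track data, CVV2, PIN)
out of storage and logs. Field names and samples below are constructed
for illustration, not taken from any standard or product."""
import re

# Sensitive authentication data that must not be stored after
# authorization. The field names are this example's own convention.
PROHIBITED_FIELDS = frozenset({
    "track1", "track2", "magstripe", "cvv2", "cvc2", "cid", "pin", "pin_block",
})

# Magnetic-stripe layouts (standard formats):
#   Track 2: ;<PAN 12-19 digits>=<YYMM><service code><discretionary>?
#   Track 1: %B<PAN>^<cardholder name>^<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{4})(\d{3})\d*\?")
TRACK1_RE = re.compile(r"%B(\d{12,19})\^[^^]{2,26}\^(\d{4})(\d{3})[^?]*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check so that arbitrary digit runs are not reported as PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def sanitize_for_storage(txn: dict) -> tuple:
    """Return (record safe to persist, names of prohibited fields removed).
    The PAN itself may be kept but must still be protected (encrypted or
    truncated) under PCI DSS; that part is outside this example."""
    dropped = sorted(k for k in txn if k.lower() in PROHIBITED_FIELDS)
    clean = {k: v for k, v in txn.items() if k.lower() not in PROHIBITED_FIELDS}
    return clean, dropped


def find_track_data(text: str) -> list:
    """Return [(track, pan), ...] for magnetic-stripe data found in text,
    keeping only hits whose PAN passes the Luhn check."""
    hits = []
    for track, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(text):
            if luhn_ok(m.group(1)):
                hits.append((track, m.group(1)))
    return hits


def redact_track_data(text: str) -> str:
    """Replace anything shaped like track data so the line can be logged.
    Deliberately skips the Luhn check: over-redacting is the safe failure."""
    for rx in (TRACK1_RE, TRACK2_RE):
        text = rx.sub("[TRACK DATA REDACTED]", text)
    return text


def scan_log(lines) -> list:
    """Return (line index, track, pan) for every track hit in a log."""
    return [(i, t, p) for i, line in enumerate(lines) for t, p in find_track_data(line)]


# Constructed sample: a record as it might arrive from a POS terminal.
SAMPLE_TXN = {
    "txn_id": "T-1001",
    "amount": "19.99",
    "pan": "4111111111111111",          # well-known test PAN, Luhn-valid
    "track2": ";4111111111111111=25121010000000000000?",
    "cvv2": "123",
    "pin_block": "A1B2C3D4E5F60718",
}

# Constructed sample log lines: one debug line that dumped both tracks,
# one with a digit run that is not track data, one harmless line.
SAMPLE_LOG = [
    "DEBUG swipe=%B4111111111111111^DOE/JOHN^25121011000000000000? "
    ";4111111111111111=25121010000000000000?",
    "INFO order 4111111111111112 queued",
    "INFO approval code 123456 for T-1001",
]


if __name__ == "__main__":
    clean, dropped = sanitize_for_storage(SAMPLE_TXN)
    print("persist:", clean)
    print("dropped prohibited fields:", dropped)
    for i, track, pan in scan_log(SAMPLE_LOG):
        print(f"line {i}: {track} data for PAN ending {pan[-4:]}")
    print(redact_track_data(SAMPLE_LOG[0]))
```

In practice the sanitizer belongs at the single choke point where records are written (and the `dropped` list should raise an alert, since a terminal or upstream component sending SAD is itself a finding), while the scanner is run over log files and crash dumps as part of the periodic testing the PCI DSS calls for.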

Participant: Thomas Kibui