The Payment Card Industry Data Security Standard or PCI DSS was developed to combat the theft of cardholder data.
Formation of the Payment Card Industry
The Payment Card Data Security Standard was developed by the Payment Card Industry Security Standards Council. The standard assists organizations that process credit cards to ensure it is done in a secure manner. The standard applies to any business that processes, holds, or exchanges cardholder information.
Important PCI Rules
- Businesses must maintain a firewall configured in a manner to protect cardholder data.
- Encrypt transmission of cardholder data at every point in the process, must be verified.
- Anti-virus software must be up to date and on all systems.
- Regular tests of security systems and processes must be able to be verified.
- PCI Compliance is not a law, unfortunately if your application is not PCI compliant you run the risk having fines imposed on you or your customers up to $100,000.
No comments:
Post a Comment