How to Ensure Your Company's PCI DSS Compliance (Page 1 of 3)
Complying with the Payment Card Industry Data Security Standard ensures that your company can continue to do business with the payment card industry, but it doesn't ensure that your company will be secure as well. Companies don't want to be in a position where they could have prevented a cybercrime if they had only gone beyond the minimal amount of work needed to become PCI-compliant. Here, Knowledge Center contributor John Linkous discusses seven requirements companies must meet to both improve security and ensure that they are compliant with the Payment Card Industry Data Security Standard.
As organizations continue to struggle with implementing the Payment Card Industry Data Security Standard (PCI DSS), the number of recommendations and interpretations of how to implement it continues to spiral. The importance of compliance with the standard is obvious: credit card fraud is a multibillion dollar criminal enterprise, and credit card information is the key commodity that enables these crimes.
However, the details of PCI DSS compliance are still often misunderstood. Listening to security software vendors, in particular, one would think that PCI DSS compliance is simply about buying and implementing the right types of software: Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Network Admission Control (NAC), and Intrusion Detection and Prevention Systems (IDS/IPS), and then walking away.
The bad news is that compliance with this important standard requires much more than software. The good news is that, for most organizations, a basic set of requirements, the "must-haves" of PCI DSS compliance, can help to frame a successful PCI DSS program.
Fundamentally, the PCI DSS standard exists to protect one type of data: cardholder data, a catchall term that includes both visible information found on the credit card (such as the cardholder's name, card number and expiration date) and data encoded in the magnetic stripe. (PCI DSS treats full magnetic-stripe track data, together with card verification codes and PINs, as sensitive authentication data, which must never be stored after authorization, even in encrypted form.) The standard applies to any organization that stores, processes or transmits any part of cardholder data. Of course, that broad definition includes many different types of organizations, including the following four:
1. Merchants
From single-store, brick-and-mortar retail establishments to the largest international retailer, each of these must comply with PCI DSS if they accept credit or debit cards. Fortunately, smaller merchants typically outsource some or all of their technology to service providers, who then carry a large part of the responsibility for keeping merchants' data secure according to the PCI DSS standard. Outsourcing does not transfer accountability, however: the merchant remains responsible for its own compliance and, under PCI DSS, must keep track of its service providers and verify their compliance status at least annually.
2. Payment processors
A critical component in the chain of credit and debit card use, payment processors are responsible for securely routing card payment requests on behalf of merchants to financial institutions.
3. Financial institutions
These are the issuers of credit and debit cards, who manage the cardholder's account and are responsible for determining whether or not a transaction should be approved, based on factors such as the cardholder's available funds, cardholder standing, and unusual or potentially fraudulent recent card activity.
4. Service providers
These are vendors who provide cardholder-related equipment and/or services to merchants and other organizations. Under PCI DSS, service providers are fully responsible for implementing PCI DSS processes and controls on the cardholder data they manage, even if the cardholder is not their direct customer. As a result, many smaller merchants can work with their service provider to help ensure that they achieve and maintain compliance with PCI DSS.
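Since the standard applies to any organization that stores, processes or transmits any part of cardholder data (see the definition above), the first practical question is where that data actually lives. The following Python script is an added example, not code from the article or from any vendor product it mentions: it performs the kind of cardholder-data discovery pass a DLP tool runs over logs or files, picking out card numbers (PANs) and masking them. Assumptions beyond the page: a PAN is 13 to 19 digits that pass the Luhn check digit, and a masked PAN keeps at most the first six and last four digits. The sample log lines are constructed for the example and use publicly known test card numbers, not real ones.

```python
"""Locate and mask primary account numbers (PANs) in text.

Added example (not from the article). Assumptions: PANs are 13-19 digit
strings that pass the Luhn check, and display masking keeps at most the
first six and last four digits.
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not
# adjacent to other digits (avoids matching the middle of longer numbers).
_PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check digit test."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(candidate: str) -> str:
    """Strip the separators allowed by _PAN_CANDIDATE."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PANs (digits only) found in text, in order.

    The Luhn check weeds out order numbers, timestamps and reference
    IDs that happen to be the right length.
    """
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Mask a PAN to its first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form."""
    def _sub(m: re.Match) -> str:
        digits = _digits_only(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)  # not a PAN: leave untouched
    return _PAN_CANDIDATE.sub(_sub, text)


# Constructed sample log lines. The card numbers are well-known test
# numbers; the 13-digit "ref" value is the right length but fails Luhn.
SAMPLE_LOG = """\
2024-03-01 10:02:11 order=1187 card=4111 1111 1111 1111 exp=12/26 status=approved
2024-03-01 10:02:12 order=1188 card=5500-0000-0000-0004 status=declined
2024-03-01 10:02:13 order=1189 ref=1234567890123 status=approved
"""

if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

Run against the constructed log, `find_pans` reports the two test card numbers and ignores the 13-digit reference ID, and `redact` rewrites the log with those two numbers masked. In a real discovery sweep this is only the detector; the finding that matters is that a system logging full PANs is inside PCI DSS scope whether or not anyone intended it to be.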