PCI Compliance and The Payment Card Industry Data Security Standard - a rough guide
Organisations handling credit card transactions are juicy targets for the professional “black hat”, a fact that has been brought home by a number of high-profile credit card hacking incidents. To counter public outcry and calls for increased legislation, two major players in the Payment Card Industry - Visa and MasterCard - teamed up to create the PCI Data Security Standard.
The PCI Data Security Standard is intended to give companies handling credit card transactions a framework and set of guidelines for doing so securely: how to build a secure network, protect cardholder data and manage/monitor vulnerabilities and threats. The standard embodies sound policy for any organisation, outlining the need for a documented security infrastructure, agreed processes for handling threat scenarios, need-to-know access procedures and so on.
Unfortunately, many organisations that should be in compliance with the PCI standard fall some way short, and the result can be a security breach, or the temporary or even permanent suspension of your ability to handle credit card transactions.
For many companies it’s only a small step to full PCI compliance, and Evolution can help by rapidly assessing your general level of compliance, highlighting areas that may need further work and providing suggestions on how to maintain full compliance on an ongoing basis. For companies that have been unaware of the standard or unable to aim for full compliance until now, we can provide more in-depth help with a quick-start program to move towards compliance, plan and create a fully secure network and put measures in place for running your PCI technology safely.