With the recent rise in data breaches and identity thefts, implementing a sound information security program is no longer optional. Companies processing credit card information are encouraged to embrace and implement sound data protection strategies to protect the confidentiality and integrity of payment information. Some of the challenges for achieving PCI compliance are outlined in this white paper, as well as successful tips to help organizations navigate through them.
Provided courtesy of
Payment Card Industry (PCI) Data Security Standard (DSS)
"Embracing PCI - Making it work for you"
Executive Summary
With the recent rise in data breaches and identity thefts, implementing a sound information security program is no longer optional. Companies processing credit card information are encouraged to embrace and implement sound data protection strategies to protect the con? dentiality and integrity of payment information. As a result of this recent trend, a consortium of payment card providers collaborated to introduce the Payment Card Industry (PCI) Data Security Standard (DSS) to ensure that companies take due care and diligence in storing, processing and transmitting credit card data. The goal of PCI is to improve data protection strategies that will allow consumers to swipe their credit cards with more con? dence and assurance that the con? dentiality and integrity of their information will not be compromised.
Some of the challenges for achieving PCI compliance are outlined in this white paper, as well as successful tips to help organizations navigate through these challenges. Although challenges exist, organizations should remain encouraged and focused because there are bene? ts for achieving PCI compliance as outlined in this white paper. By achieving PCI compliance organizations eliminate unnecessary ? nes and penalties, heighten the awareness of PCI standards and requirements, and assist in the preparedness and readiness for upcoming PCI assessments and audits.
This white paper provides guidance on how to achieve PCI compliance and a summary analysis of the 12 security require-ments of the PCI security standard. A good ? rst step toward achieving PCI compliance is embracing it while realizing no stan-dard is perfect. The key to embracing PCI and achieving compliance is to understand that at the "heart" of the PCI standard are sound, fundamental security practices for data protection that seek to protect data con? dentiality and integrity. One of the keys to understanding PCI is realizing that it's not a security panacea, but rather the starting point to help organizations put in place a process for implementing and regularly reviewing sound information security principles for data protection. Thus, making PCI work resides in your ability to seamlessly align and integrate PCI with your existing information security policies, procedures, standards and guidelines.
About the Author
Kevin E. Greene is a Sr. Security Consultant for Dickerson Technologies. Kevin has over 10 years of experience in Information Security and Information Assurance and has written and contributed to numerous publications and white papers on various Information Security topics. Kevin holds a Master's and Bachelor Degree from New Jersey Institute of Technology (NJIT) and is currently an active member of Information Systems Security Association (ISSA) for information professionals and practitioners.
Over the last 10 years, Kevin has been actively working with clients in developing and formalizing their compliance strategies
Payment Card Industry (PCI) Data Security Standard (DSS) 1www.dickersontech.com www.securecomputing.com "Embracing PCI - Making it work for you"to meet PCI, Sarbanes Oxley (SOX), and Health Insurance Portability and Accountability Act (HIPAA) requirements for ensuring data con? dentiality and integrity. In most recent years, Kevin has been engaged in various projects assisting federal agencies with their Certi? cation and Accreditation (C&A) process, including documenting, validating and test-ing security controls. In addition, Kevin has been working with various security vendors in developing data protection strategies and solution offerings that provide not only data protection, but also a framework that leverages sound information assurance principles.
Introduction
The threats to sensitive and con? dential data are consistently on the rise and consumers are becoming less con? dent that their data and identity can be protected. The U.S. Federal Trade Commission (FTC) received over 670,000 complaints in 2006 - of which 36% were identity theft complaints and 64% were related to other types of fraud. In 2005, over 680,000 complaints and in 2004, over 650,000 complaints were reported. In the Consumer Sentinel report it goes on to reveal that over 35% of the complaints were identity related ... [download for more]
