With e-commerce on the rise, there have been numerous financial transactions made online, many of which involve making credit card payments for purchases. This increase in online payments has subsequently resulted in the growth of cases involving credit card fraud. Card numbers and card holder data are sensitive information which need utmost protection so that misuse is prevented and information is secured.
Therefore as a strategic security measure, companies & vendors handling credit and debit card information now need to comply with stringent security standards drawn by major credit card companies like VISA, MasterCard, American Express etc. so that security breaches are prevented and card holder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS) and applies to all members, merchants and service providers that store, process or transmit cardholder data regardless of transaction type (point of sale, phone, e-commerce, etc.).
The PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that need to be adhered to by businesses that process credit cardholder information, to ensure data is protected. The PCI Data Security Standard comprise 12 general requirements designed to:
This standard is governed by PCI Security Standards Council https://www.pcisecuritystandards.org/
Organizations that store and handle credit card information of their customers, irrespective of their size and nature of business, are always at a high risk of cardholder data misappropriation by criminals and other sources with malicious intent. Such security breaches will result in fines levied by credit card companies, litigations and loss in trust, and eventually business. Moreover, there is a deadline posed by credit card companies to achieve PCI DSS compliance and that is December 2007. Credit card companies levy huge fines up to $500,000 if businesses fail to comply to the PCI DSS within the stipulated time frame. Companies also run the risk of not being allowed to handle cardholder data if found non-compliant and having lost data. As a result, achieving PCI DSS Compliance is top priority for such companies.
Security Manager Plus can help you weigh the effectiveness of your organization's PCI DSS compliance efforts. It can automate the process of PCI DSS Compliance by scanning your network for vulnerabilities, determining if your network security is compromised and reporting whether the systems are compliant or not-compliant to the Payment Card Industry - Data Security Standards (PCI DSS).
Security Manager Plus enables corporate networks adhere to PCI DSS, by assessing many key requirements of the PCI DSS and furnishing compliance reports. PCI DSS compliance report in Security Manager Plus, presents the violations in your network from the requirements PCI DSS. This report is specially designed and generated in the format specified by the "Payment Card Industry Data Security Standard" available at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
Refer to the checklist here to see which PCI DSS requirements you can meet using Security Manager Plus
PCI DSS Compliance Report Screenshots
|PCI DSS Compliance all Sections||PCI DSS Compliance selected sections|