Merchant Security – PCI Compliance (sticky)

Sticky page for merchant links to important merchant data security information. Bookmark before clicking links!
There is no single source for all your data security needs. True compliance is obtained with a variety of resources: human, hardware, and software. Internal and external access to experts, technology and data to share with customers is another 3D Merchant competitive advantage.

Visa USA Merchants Cardholder Information Security Program (CISP)

Visa Drop the Data – Excellent resource for easy to read and critical information as well as links to more data security sources.

PCI Security Standards Council mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.

PCI PED approved pinpad equipment list.

MasterCard Security Rules and Procedures: Merchant Edition – Standard guidelines every merchant should read.

MasterCard Merchant Data Security Rules

Data Loss Database – Open Source
This list of recent data breaches will wake you up.

Data Security for the Enterprise
Data Security Software by Credant
CREDANT Mobile Guardian mobile data security software protects data across all of your mobile endpoints, all users, and locations offering laptop security, handheld security and protection of data on USB sticks, iPods and other portable storage devices.

PCI Data Storage Do’s and Don’ts (PDF) – Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to protect stored cardholder data. If you have a reason to store, follow these requirements.

WHAT IS PCI COMPLIANCE?

The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information. The standard provides an actionable framework for developing a robust account data security process – including preventing, detecting and reacting to security incidents.

WHAT DOES PCI STAND FOR?

Payment Card Industry

Other acronyms commonly used:

PCI DSS – Payment Card Industry Data Security Standard

PCI SAQ – Payment Card Industry Self-Assessment Questionnaire

PA-DSS – Payment Application Data Security Standard

QSA – Qualified Security Assessor

PA-QSA – Payment Application Qualified Security Assessor

ASV – Approved Scanning Vendor

WHO DOES IT APPLY TO?

Compliance with the PCI Data Security Standard (PCI DSS) is mandatory for all merchants who accept credit cards, online or offline. The size of your business will determine the specific compliance requirements that must be met.

PCI Security Standards Benefits and Consequences

Compliance creates trust between you and your customers, which in turn enhances your reputation.

Through the continual process of maintaining compliance, you also enhance your internal reputation. When employees are part of a solution, they’re more vested in the company and its goals.

Non-compliance can be financially disastrous. Besides the direct cost of fines and other fees, public reports of compromised data can negatively impact revenues, reduce stock price, and result in lawsuits.

WHAT ARE THE PCI STANDARDS FOR MY COMPANY?

The PCI Security Standards Council is the single most important resource for merchants of all sizes. It has answers to all your questions, including which standards apply for your business size. The council does not manage enforcement or apply penalties.

The PCI Security Standards Council’s five founding global payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. — have agreed to incorporate the PCI DSS as the technical requirements of each

IS THERE A SIMPLE CHECKLIST FOR PCI COMPLIANCE?

No. The rules vary by business type. These are the common pillars:

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs.
Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know.
Requirement 9: Restrict physical access to cardholder data.

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for all personnel.

Read our take on one of the biggest PCI problems for business-to-business companies: the credit card authorization form.

3D Merchant Services Powered by CenPOS
2633 NE 26th Ave, Metro South Florida, FL 33064 USA • 954-942-0483
