How Pci Protects Credit Card Transactions

How Pci Protects Credit Card Transactions

The Payment Card Industry Data Security Standard (PCI DSS) was implemented to increase the security of credit card transactions at the merchant level. Merchants often keep the credit card information of their customers on file for months or even years. This is done for a number of reasons. Some are required to by the credit card companies, others use the information to facilitate returns and future transactions and still others file customer data under credit card numbers. Storage of this information makes merchants targets of hackers and thieves.

The ultimate victim of security breaches at the merchant level, however, is the consumer. If hackers are allowed access to the personal information of consumers, the hackers can steal their identities and rack up thousands of dollars in fraudulent debts. This has happened in some high-profile cases where the personal information of thousands of consumers was stolen from major retailers. In these cases, there is plenty of suffering to go around. The consumer suffers from the potential of identity theft. The merchant suffers from fines, class action lawsuits and loss of confidence from the public. Finally, the credit card companies also suffer a loss of confidence and are often assigned some of the blame. PCI standards are designed to prevent these security breaches from occurring at all.

The PCI standards are divided into six categories that very straightforward. The first requires merchants to build and maintain a secure network. This mandates the use of firewall to protect the system from hackers. The second category involves protecting cardholder data. Merchants must make sure stored data is secured and transmission of data is encrypted. The third category requires merchants to install and maintain anti-virus software to manage vulnerabilities on an ongoing basis. The fourth category compels merchants to implement control measures to restrict access to sensitive information both physically and via computer. The fifth category address maintenance of secure networks and requires regular monitoring and testing. Finally, the sixth category mandates the use of an information security policy.

As credit card fraud evolves, the PCI DSS will have to evolve to match it. Updates of the PCI DSS will be issued regularly to stay ahead of new threats from hackers and thieves. Currently, we are on version 1.1 of the PCI DSS. This is the second version released. The next version, version 1.2, is expected to be released in the fall of 2008.

To get your business PCI Compliant, it’s necessary to do Vulnerability Scan by an Approved Scanning Vendor (ASV). HackerGuardian is an ASV and offers several levels of PCI Scan Compliancy. Our services can scan multiple IP addresses and provide for repeated scans as necessary. The HackerGuardian “Painless PCI” program walks you through using a web-based wizard. No matter how large or small your business, HackerGuardian can scan your system to detect areas where you are non-compliant with PCI standards. A report will detail your system findings and make a recommendation on how to become PCI compliant. A passing report is needed to for validation with credit card companies and acquiring banks.

Article Source: Link

Vijayanand working as a online marketing co-ordinator in ID Theft team in Comodo, a leading internet security provider, offers a real time Identity Theft Prevention and Identity Fraud restoration services among others.