PCI Compliance

Published: 2005-12-13. Last Updated: 2005-12-13 23:52:36 UTC
by Scott Fendley (Version: 2)
0 comment(s)
For those that have not heard, Computerworld is reporting that Sam's Club is investigating a security breach involving credit card data. It is going to be very interesting to see how the major credit card companies will enforce the PCI (Payment Card Industry) standards on large or small merchants.

Just thinking back, I do not remember a diary about the PCI standards, but I have slept once or twice in the past year since they came into existence. So for those that have missed this, the major credit card companies have developed a set of data security standards with which merchants will need to comply. This includes Sam's Club and other large merchants all the way down to that coffeehouse down the street which may only be processing 20,000 transactions in a year. (Personally I think that some subsection of these standards should also apply to merchants with a single transaction _ever_.) For many companies the point of contact with the credit card industry is probably not an IT person. This person should have shared with you a long time ago that your company needs to work on this type of compliance. Unfortunately, in some cases this may not have occurred, or it was written off as being already covered under GLBA or other Federal or State laws.

As IT Security professionals, are you aware of the locations within your company which process credit card transactions? If you aren't, then take a closer look; there is probably one somewhere in most companies. Has your business complied with the PCI standards? If you haven't, you need to get moving, because you are about 6 months late.

If you are looking for resources to catch up on the PCI standards, here are a few sites where you can get more information. If any of you have other good resources, please go ahead and send them our way. I will update the list below with a more comprehensive one.

Resources:

SANS PCI Webcast - November 2005
Visa Cardholder Information Security Program