The Road to PCI

Securing the network isn't usually what comes to mind when people think of PCI, or PCI DSS (Payment Card Industry Data Security Standard). For businesses that process credit cards, which include retail organizations and a growing number of government, education, and healthcare facilities, complying with PCI means getting rid of credit card numbers after they are processed and encrypting payment data. In reality, if access to an organization's network isn't tightly monitored and controlled, many of the other PCI guidelines are useless. Securing the network on which transactions are processed is imperative.

First, the basics: The objective of PCI is to implement a worldwide information security standard so that all merchants that accept credit cards are required to protect cardholder data by complying with a set of universal security standards. The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2004 to ensure that consistent security measures are taken worldwide to protect cardholder data, with comprehensive regulations reaching the market with force in 2006.

The PCI DSS requirements fall under six basic control objectives that span many areas of company networks and practices:

1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

PCI regulations are designed to be comprehensive and iterative, with many companies currently entrenched in the early stages of the two-year Lifecycle Process for changes to PCI DSS. Unfortunately, many companies have also recently incurred steep fines for not complying with PCI, and if PCI hasn't caught them, their customers have. Despite some debate around whether PCI goes too far or not far enough in securing networks and protecting cardholders, it does not appear to be going away and instead seems to be gaining momentum, as emphasized by Ellen Messmer of Network World in 'New laws complicate security efforts in 2010'.

In the times we live in, network and information security are absolutely necessary--as is regulatory oversight to ensure this security when outside interests are at risk. So, how far has your company come on its road to PCI compliance? What roadblocks have you encountered? What combination of security tools are you using or researching?

About this Entry

This page contains a single entry by Ermis Sfakiyanudis published on December 28, 2009 9:57 AM.
