
Requirement For PCI DSS Compliance

Posted on May 10, 2011
Paul M Walsh asked:

PCI DSS has 12 requirements that merchants and service providers handling cardholder data must follow. The first six are summarized below:

• Install and maintain a firewall configuration to protect cardholder data. A firewall is the most fundamental control for the cardholder data environment: it restricts which traffic may enter or leave the systems that handle card data, so the business can see and control what connects in and out rather than exposing those systems directly to the internet.

• Do not use vendor-supplied defaults for system passwords and other security parameters. Default credentials and settings shipped by a vendor are publicly known, so leaving them in place is a giveaway to attackers; change them before a system goes into production.

• Protect stored cardholder data. Beyond the firewall, the storage and encryption of card data need careful design: store only what the business actually needs, render the primary account number unreadable wherever it is stored (for example with strong encryption), and rely on trusted, vetted cryptographic implementations rather than home-grown code.

• Encrypt cardholder data whenever it is transmitted across open, public networks. Data in transit is the most exposed to interception, so it must never cross the internet or a wireless network in the clear.

• Use anti-virus software and keep it regularly updated and running. Not every threat to a server or database is a deliberate attack on it: malware can arrive inside software or files that were introduced for legitimate reasons, and an up-to-date anti-virus program is what detects and removes it.

• Develop and maintain secure systems and applications. Software flaws can allow unauthorized access to your systems, so keep every system and application current with the vendor's security patches, and make sure internally developed applications are built and maintained with the same care.

There are further requirements and measures you can implement to build credibility and pass a compliance assessment. For the complete list, consult the PCI DSS standard itself.

