Thanks to financial identity theft, credit card companies have suffered staggering losses. In order to insulate themselves from further loss, the companies devised the Payment Card Industry Compliance Requirements and Data Security Standard, which came into effect in 2004. Merchants must comply with these standards. When faced with unacceptable levels of losses, credit card companies can deny a merchant the privilege of accepting credit cards, as well as levying fines.
There are 180 individual requirements, but in order to provide an overview in this limited space, we will only consider an abbreviated breakdown. These are seven areas of concern, along with 12 general requirements:
Build and maintain a secure network
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect cardholder data
3. Protect stored cardholder data; the Payment Card Industry recommends keeping storage of data to a minimum by utilizing a data retention and disposal policy.
4. Encrypt transmission of cardholder data across open, public networks.
Maintain a vulnerability management program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
Implement strong access control measures
7. Restrict access to cardholder data on a need-to-know basis.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an information security policy
12. Maintain a policy that addresses information security.
Verify Payment Card Industry compliance
Are you starting to wish you could do business on a cash and carry basis? The Federal Trade Commission, which is the lead agency dealing with identity theft issues, estimates that 10 million consumers have been compromised in the past year with $50 billion in losses. We are all cardholders and would want the people we do business with to protect our data. If you or anyone you know has been the victim of financial identity theft, you know how much it can ruin your life until it gets straightened out. It takes 600 hours to restore a victim back to their prior state, according to the Federal Trade Commission. That is 15, 40-hour work weeks. No one has that kind of extra time, so it is up to all of us to ensure that we do everything we can to protect our employee and client data by following these requirements.
For more information, call Belinda Rachman at (760) 720-9324 or visit www.idtheftspecialist.info.
There are 180 individual requirements, but in order to provide an overview in this limited space, we will only consider an abbreviated breakdown. These are seven areas of concern, along with 12 general requirements:
Build and maintain a secure network
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect cardholder data
3. Protect stored cardholder data; the Payment Card Industry recommends keeping storage of data to a minimum by utilizing a data retention and disposal policy.
4. Encrypt transmission of cardholder data across open, public networks.
Maintain a vulnerability management program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.
Implement strong access control measures
7. Restrict access to cardholder data on a need-to-know basis.
8. Assign a unique ID to each person with computer access.
9. Restrict physical access to cardholder data.
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an information security policy
12. Maintain a policy that addresses information security.
Verify Payment Card Industry compliance
Are you starting to wish you could do business on a cash and carry basis? The Federal Trade Commission, which is the lead agency dealing with identity theft issues, estimates that 10 million consumers have been compromised in the past year with $50 billion in losses. We are all cardholders and would want the people we do business with to protect our data. If you or anyone you know has been the victim of financial identity theft, you know how much it can ruin your life until it gets straightened out. It takes 600 hours to restore a victim back to their prior state, according to the Federal Trade Commission. That is 15, 40-hour work weeks. No one has that kind of extra time, so it is up to all of us to ensure that we do everything we can to protect our employee and client data by following these requirements.
For more information, call Belinda Rachman at (760) 720-9324 or visit www.idtheftspecialist.info.