Sunday 11 December 2011

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data and so reduce credit card fraud arising from its exposure. Validation of compliance is done annually: by an external Qualified Security Assessor (QSA) for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Compliance versus validation of compliance

Although PCI DSS requirements must be implemented by all entities that process, store or transmit account data, formal validation of PCI DSS compliance is not mandatory for all entities. Currently both Visa and Mastercard require Merchants and Service Providers to be validated according to the PCI DSS. Issuing and acquiring banks are not required to go through PCI DSS validation. In the event of a security breach, any compromised entity which was not PCI DSS compliant at the time of the breach will be subject to additional card scheme penalties, such as fines.

Compliance and wireless LANs

In July 2009, the Payment Card Industry Security Standards Council published wireless guidelines for PCI DSS recommending the use of a Wireless Intrusion Prevention System (WIPS) to automate wireless scanning for large organisations. The wireless guidelines clearly define how wireless security applies to PCI DSS 1.2 compliance.

These guidelines apply to the deployment of Wireless LAN (WLAN) in cardholder data environments, also known as CDEs. A CDE is defined as a network environment that stores or transmits credit card data.

Wireless LAN and CDE classification

The PCI DSS wireless guidelines classify CDEs into three scenarios depending on how wireless LANs are deployed.

No known WLAN AP inside or outside the CDE: The organisation has not deployed any WLAN AP. In this scenario, three minimum scanning requirements (Sections 11.1, 11.4 and 12.9) of the PCI DSS apply.

Known WLAN AP outside the CDE: The organisation has deployed WLAN APs outside the CDE. These WLAN APs are segmented from the CDE by a firewall. There are no known WLAN APs inside the CDE. In this scenario, three minimum scanning requirements (Sections 11.1, 11.4 and 12.9) of the PCI DSS apply.

Known WLAN AP inside the CDE: The organisation has deployed WLAN APs inside the CDE. In this scenario, three minimum scanning requirements (Sections 11.1, 11.4 and 12.9), as well as six secure deployment requirements (Sections 2.1.1, 4.1.1, 9.1.3, 10.5.4, 10.6 and 12.3) of the PCI DSS apply.
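The three scenarios above turn on two facts an assessor has to establish: whether any WLAN access points are known to the organisation at all, and whether any of them sit inside the CDE. The "minimum scanning" requirements exist because the answer to the first question has to be verified, not assumed: an access point nobody inventoried is exactly what a wireless scan or a WIPS is meant to surface. The following Python is an added example, not code from the original article or from the PCI Security Standards Council. It assumes a constructed access-point inventory and a constructed scan output in a simple comma-separated format (both hypothetical, chosen only for illustration), classifies the deployment into one of the three scenarios with the section numbers listed above, and flags observed access points that are not in the inventory, including an unknown BSSID that broadcasts an authorised SSID.

```python
"""Wireless scenario classification and unauthorised-AP check for a CDE.

Added example. The inventory, the scan format and the sample data are
constructed for illustration; the section numbers per scenario are the
ones listed in the PCI DSS wireless guidelines summary above.
"""
from dataclasses import dataclass

# Minimum scanning requirements: apply in all three scenarios.
SCANNING_REQUIREMENTS = ("11.1", "11.4", "12.9")
# Secure deployment requirements: apply only when a known AP is inside the CDE.
SECURE_DEPLOYMENT_REQUIREMENTS = ("2.1.1", "4.1.1", "9.1.3", "10.5.4", "10.6", "12.3")


@dataclass(frozen=True)
class KnownAP:
    """One entry from the organisation's authorised access-point inventory (constructed)."""
    bssid: str
    ssid: str
    inside_cde: bool  # True if the AP sits on a network segment that stores or transmits card data


def classify_cde(known_aps):
    """Map the inventory onto the three guideline scenarios.

    Returns (scenario name, tuple of applicable PCI DSS sections).
    """
    if not known_aps:
        return "no_known_wlan", SCANNING_REQUIREMENTS
    if any(ap.inside_cde for ap in known_aps):
        return "known_wlan_inside_cde", SCANNING_REQUIREMENTS + SECURE_DEPLOYMENT_REQUIREMENTS
    # Known APs exist, but all are outside the CDE (segmented from it by a firewall).
    return "known_wlan_outside_cde", SCANNING_REQUIREMENTS


def parse_scan(text):
    """Parse constructed scan output: one 'bssid,ssid,channel' record per line, '#' comments."""
    observations = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        bssid, ssid, channel = (field.strip() for field in line.split(",", 2))
        observations.append({"bssid": bssid.lower(), "ssid": ssid, "channel": int(channel)})
    return observations


def find_unauthorized_aps(observations, known_aps):
    """Compare what the scan saw with the inventory and return findings.

    A finding is (bssid, ssid, reason). Three cases are distinguished:
    an unknown BSSID using an authorised SSID (looks like an authorised AP
    but is not in the inventory), an unknown BSSID with an unknown SSID,
    and an inventoried BSSID advertising an SSID other than the one recorded.
    """
    inventory = {ap.bssid.lower(): ap for ap in known_aps}
    authorised_ssids = {ap.ssid for ap in known_aps}
    findings = []
    for obs in observations:
        ap = inventory.get(obs["bssid"])
        if ap is None:
            if obs["ssid"] in authorised_ssids:
                reason = "unknown BSSID broadcasting an authorised SSID"
            else:
                reason = "unknown BSSID, not in inventory"
            findings.append((obs["bssid"], obs["ssid"], reason))
        elif ap.ssid != obs["ssid"]:
            findings.append((obs["bssid"], obs["ssid"], f"SSID differs from inventory ({ap.ssid!r})"))
    return findings


# Constructed sample data: two authorised APs, both outside the CDE.
SAMPLE_INVENTORY = [
    KnownAP("00:11:22:33:44:01", "corp-guest", inside_cde=False),
    KnownAP("00:11:22:33:44:02", "corp-guest", inside_cde=False),
]

# Constructed scan output in the format parse_scan() expects.
SAMPLE_SCAN = """\
# bssid, ssid, channel
00:11:22:33:44:01, corp-guest, 6
00:11:22:33:44:02, corp-guest, 11
AA:BB:CC:DD:EE:01, corp-guest, 6
AA:BB:CC:DD:EE:02, printer-setup, 1
"""


def run_sample():
    """Classify the constructed deployment and list unauthorised APs from the constructed scan."""
    scenario, sections = classify_cde(SAMPLE_INVENTORY)
    findings = find_unauthorized_aps(parse_scan(SAMPLE_SCAN), SAMPLE_INVENTORY)
    return scenario, sections, findings


if __name__ == "__main__":
    scenario, sections, findings = run_sample()
    print(f"scenario: {scenario}; applicable sections: {', '.join(sections)}")
    for bssid, ssid, reason in findings:
        print(f"finding: {bssid} ({ssid!r}): {reason}")
```

The classification is deliberately driven by the inventory rather than by the scan: the guidelines describe scenarios in terms of what the organisation has deployed, and the scan's job is to show where the inventory is incomplete. Any finding from `find_unauthorized_aps` therefore means the inventory, and possibly the scenario, needs to be revisited before the scenario's requirement list is relied upon.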

Key sections of PCI DSS 1.2 that are relevant for wireless security are classified and defined below.