PCI: The Standard for Credit Data Safety
By Jennifer deJong
March 1, 2007 —
In September 2006, American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International jointly announced the formation of the PCI Security Standards Council.
Made up of companies that issue credit cards, the council was established to manage ongoing evolution of the PCI standard, earlier managed informally. The council’s mission is to improve payment account security by fostering broad adoption of the PCI Data Security Standard. The standard specifies processes and precautions for handling, processing, storing and transmitting credit card data across all payment channels, including retail stores, mail order and e-commerce.
Released in September 2006, PCI Data Security Standard 1.1 outlines 12 broad-based requirements, grouped under six categories. Many address network security and access control issues. But requirement 11—to regularly test security systems and processes—also deals with application security concerns.
It specifies, among other things, that Web applications are subjected to quarterly vulnerability scans performed by an outside vendor qualified by PCI. (ScanAlert is one such vendor; Qualys is another.) Requirement 11 also mandates application-layer penetration tests at least once a year, and after any significant application or modification.
Failure to meet the PCI Data Security Standard 1.1 by June 2007 could result in a fine as high as US$500,000, and could also bar a business from processing credit card transactions. Penalties can vary from one credit card company to another.
Share this link: http://sdt.bz/30267
Most Read
Latest News
Resources
SAP unveils SAP HANA platform innovations for Big Data and spatial processing
Features include smart data access and expanded cloud deployment options
|
|
|
Alteryx raises $12 million to put Big Data analytics in the hands of all business analysts
Quest founder's firm, Toba Capital, selects Alteryx as its first analytics investment
|
|
|
Google I/O kicks off
Developers get new APIs and tools, and the Go language hits version 1.1
|
|
|
Jelastic launches new version of its Java and PHP hosting platform
Jelastic today announced the launch of a new version of its ultra-scalable cloud hosting platform
|
Telerik adds back-end services to Icenium mobile tool suite
Icenium Everlive makes the suite a complete app development platform, the company says
|
|
|
CollabNet fuses CloudForge, TeamForge
New pricing structure and integration gives developers an enterprise-grade choice for dist...
|
|
|
Eclipse release train for Kepler arrives June 26
New version of Eclipse includes Stardust for business process management, and Orion 3.0 fo...
|
|
|
Google I/O kicks off
Developers get new APIs and tools, and the Go language hits version 1.1
|
IDC MarketScape: Worldwide Cloud Testing and ASQ SaaS
Demand for solutions to test applications on the cloud and for the cloud is rising signifi...
|
|
|
Get to Know the Database Decision Factors
What should you look for when choosing a relational database system? This informative arti...
|
|
|
Exploring the Database Forest
Today’s database technology landscape is more dynamic and varied than ever before. What’s...
|
|
|
Data Management Resource Guide
Today’s data is generated by more than just applications. Data is generated by trillions o...
|