I. Components of PCI standards
PCI Data Security Standard (PCI DSS)
PCI DSS is the base standard for merchants and card processors. It addresses security technology controls and processes for protecting cardholder data. Attaining compliance with PCI DSS can be tough, and can drastically impact your organization’s business processes, service, and technology architecture (Microsoft, 2009). PCI DSS version 1.2 is the most recent version of the standard, and takes the place of all previous versions of PCI DSS. The standard is structured into a group of six principles and 12 requirements.
Payment Application Data Security Standard (PA DSS)
PA DSS is the baseline for software developers who commercially develop software for processing payment cards.
PIN Entry Device Security Requirements (PED)
PED is the standard for manufacturers of payment card devices used at the point of sale. PCI DSS requires software developers, merchants and card processors to use only approved devices compliant with PED (SearchFinancialSecurity, 2010).
II. Significance and Benefits of PCI
Following the PCI compliance guidelines and procedures can help businesses maintain their credibility. PCI compliance boosts confidence through a high level of security standards. PCI compliance provides a health check for any business that stores or transmits customer information. Merchants who are PCI compliant are offered protection from the fines if they should happen to be breached (Eliason, 2008).
General Requirements for Payment Card Industry Data Security Standards
There are a total of six PCI data security standards, and each one of them has its own implementation requirements (Practical eCommerce Staff, 2007...
...d information from forwarding, copying, modifying, faxing and printing. It also prevents sensitive information from being copied with the Windows Print Screen feature. Microsoft Security Assessment Tool is a free application that helps organizations assess weaknesses in a working IT infrastructure. It exposes a prioritized list of issues and provides guidance to minimize those risks. Microsoft Baseline Security Analyzer is an easy-to-use tool that identifies common security-related risks in a number of Microsoft products, including operating systems, Explorer and the Office suite. It provides details on missing security update patches. Keeping your systems up to date is a very important way to secure your IT infrastructure. Operations Manager 2007 can securely and effectively extract and collect the logs from computers running the Windows operating system.
This part of Ceridian is the number one supplier of electronic cash card and related services to the over-the-road trucking industry. Comdata's proprietary credit and debit card is a multi-service card, which allows payment for a range of personal and company related expenditures through a single card. Comdata serves over one million truckers in the United States with its proprietary card for over-the-road truck carriers and with a co-branded Comdata MasterCard® for local fleets. This is the credit card of choice for large local fleet operators including Pepsico, SYSCO and Frito Lay. Comdata is also a leading provider of retail gift, cash and stored value chip cards. In 2003 Comdata shipped more than 250 million cash cards to retailers, grocery and restaurant chains, and entertainment companies. Retailers including The Gap, Lowe's, Applebee's, Safeway, J.C. Penney and Kroger take advantage of Comdata's stored value card services.
One of the demands in healthcare today is the ability for healthcare organizations to exchange patient health-related information with other healthcare organizations. This was made possible by the creation of the electronic health record (EHR), electronic medical record (EMR) and personal health record (PHR). The EHR, PHR and EMR allowed patients’ paper medical charts to be transformed into electronic charts. This allowed for a better way to organize the information that was contained in the paper medical chart. Health organizations began to realize they could use these electronic charts as a better way to provide care and share patient health-related information. However, as the transmission of data continued, the need developed for standards to ensure the interoperability of these healthcare systems. Two of the standards that were created in order to help with the electronic transmission of medical data are the Continuity of Care Record (CCR) and the Continuity of Care Document (CCD).
...tivities and processes." Similarly, the submitters' code of conduct being prepared by the banks on the CDOR panel in consultation with IIROC and the Bank of Canada has yet to be published, but it is known that the code "will specify minimum standards for submission methodology, internal oversight and records retention" relating to CDOR submissions.
For many years, Target has been hesitant to change credit card security and has shown little to no motivation to make changes. Due to the lack of security measures, hackers were able to steal the identities of many consumers. When credit cards are swiped, the transaction goes through the process of authorization, clearing and settlement. Each phase of the process entails the exchange of transaction data and money that needs to be settled and balanced. This process concludes when the cardholder pays for the goods or services listed on the monthly credit card statement. This is the current system that is used by Target. The company uses a customized version of the Hypercom Optimum L4150 High-Performance Multi-Lane Payment and Advertising Terminal which features a color glass touch screen that offers the brightest and the clearest interface for efficient interactive advertising at the point of sale (POS). “Global payment technology leader Hypercom Corporation delivers a full suite of high security, end-to-end electronic payment products and services” (CARTES & Identification, 2007). The benefits of this device and terminal included an advanced security structure which simplified hardware and application authentication, various privacy options which eliminated the need for add-on physical privacy shields that interfere with terminal usage by the consumer (CARTES &
...e user while using the software applications. This could be word processor documents, spreadsheets, presentations, web pages or game save files. It is important to keep this data secure, as it could include important information such as customer details, employee payroll data or financial information. There are huge amounts of user data stored by businesses that are absolutely vital to the running of the business. It is therefore extremely important to keep a copy of this data that is currently stored on the system.
If the card has been abused and fraudulent purchases or money withdrawals have been debited to the unfortunate cardholders’ bank or
...rvices to the customers. Hence, the establishment of a compliance program creates a guideline that urges corporations to be responsible for the actions that they commit and helps to detect any misconduct and offenses.
In order for electronic business to prosper, consumers must not be concerned that they will be manipulated, have their credit card numbers stolen, or receive poor quality goods or service.
Control targets and necessities of PCI DSS. This is a standard security alliance, strategies, development schemas that show diagram, as opposed to the partition of programming, align and different measures to get the cover together.
The world of business is full of different regulatory and legal requirements. In order to fulfil the responsibilities, companies must create a program of comprehensive compliance.
However, one DSS tool is Online Analytical Processing (OLAP). A decision support system is an interactive computerized system which gathers and presents data for business purposes from various sources (webopedia.com, 2014). OLAP is a tool that enables the user to analyze different data dimensions. It provides time series as well as trend analysis views. OLAP tools are used by analysts, who employ relatively simple techniques, including induction, deduction and pattern recognition, so as to derive new information and insights. OLAP is also used in data mining, using an OLAP server which sits between a database management system and a client. For example, Infosys, an information technology consultancy, recommended that one of its clients use OLAP solutions as a supply chain analytic solution which contributed 30% of its gross revenue.
An ecommerce privacy policy should be accurate, clear, concise and easy to find on a website. Its appearance serves as a tool of protection for your online business on one side and a tool for protecting customers’ personal information on the other. It also acts as an effective means of being transparent and credible, keeping the company accountable for the sensitive personal data it collects, and building trust with its customers and visitors who access its site (Siassios, 2015).
As established by PCI DSS, our company needs to include different aspects to securely handle and store credit card information. From the perspective of the Information Security Analyst, we must consider the following points:
Today, many people rely on computers to do homework, work, and create or store useful information. Therefore, it is important for the information on the computer to be stored and kept properly. It is also extremely important for people on computers to protect their computer from data loss, misuse, and abuse. For example, it is crucial for businesses to keep information they have secure so that hackers can't access the information. Home users also need to take means to make sure that their credit card numbers are secure when they are participating in online transactions.
To increase the use of digital wallets, it is necessary to educate consumers about the benefits of a digital wallet in simplifying and streamlining their purchasing experience.