Payment Card Data - Know Your Defense Options
20 Pages
Posted: 30 Apr 2008
Abstract
With the advent of the Payment Card Industry Data Security Standard (PCI DSS), protecting stored credit card numbers is no longer optional. Any company that stores, processes, or transmits credit card information - regardless of size or volume of transactions - must secure stored credit card data or face serious consequences for non-compliance, including fines, higher transaction fees, the loss of brand integrity, and erosion of market value. But while the PCI standard offers broad guidance - featuring rules on the proper use of firewalls, web application firewalls, computer access controls, antivirus software, and more - encryption requirements are proving to be among the most difficult for organizations to address. To complicate the situation further, the compensating controls defined in PCI DSS 1.1 do not fully address the growing threat from data-level attacks. This article reviews different approaches to protecting credit card data that can be combined to significantly strengthen an organization's security posture while minimizing the cost and effort of PCI compliance.
Keywords: PCI, data security, retail security, encryption