Payment Card Data - Know Your Defense Options

20 Pages Posted: 30 Apr 2008

Abstract

With the advent of the Payment Card Industry Data Security Standard (PCI DSS), protecting stored credit card numbers is no longer optional. Any company that stores, processes, or transmits credit card information - regardless of size or volume of transactions - must secure stored credit card data or face serious consequences for non-compliance, including fines, higher transaction fees, the loss of brand integrity, and erosion of market value. But while the PCI standard offers broad guidance - featuring rules on the proper use of firewalls, web application firewalls, computer access controls, antivirus software, and more - encryption requirements are proving to be among the most difficult for organizations to address. And to complicate the situation even further the compensating controls defined in PCI DSS 1.1 are not fully addressing the growing threat from data level attacks. This article will review different approaches to protect credit card data that can be combined to significantly strengthen an organization's security posture, while minimizing the cost and effort of PCI compliance.

Keywords: PCI, data security, retail security, encryption

Suggested Citation

Mattsson, Ulf T., Payment Card Data - Know Your Defense Options. Available at SSRN: https://ssrn.com/abstract=1126002 or http://dx.doi.org/10.2139/ssrn.1126002

Ulf T. Mattsson (Contact Author)

Protegrity Corp. ( email )

One Cantebury Green
Stamford, CT 06901
United States

HOME PAGE: http://www.ulfmattsson.com

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
252
Abstract Views
1,132
Rank
241,764
PlumX Metrics