PCI Compliance: How To Address PCI Compliance Requirements?
December 9, 2007
White Paper: PCI Compliance: How To Address PCI Compliance Requirements?
Credit card theft is costing the U.S. economy an estimated $500 million a year, and that cost has increased at 21% annually over the last two years. In an effort to curb the sharp rise and strikingly large impact of credit card theft, the top five payment card brands – American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International – have formed the Payment Card Industry (PCI) standards council. This council has defined security guidelines in the form of the PCI Data Security Standard (PCI DSS), which applies globally to all merchants and service providers that store, process and transmit credit card data.
The PCI DSS standard consists of "a set of comprehensive requirements for enhancing payment account data security" that includes twelve major security requirements to secure payment account information and testing methodologies to ensure these requirements are met. The PCI security standard can be found at https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm.
On January 1, 2007, a new revision of the PCI DSS, called PCI DSS v1.1, went into effect. PCI DSS v1.1 succeeds the PCI DSS of January 2005 (a.k.a. PCI v1.0), which in turn succeeded the VISA CISP standard. In PCI DSS v1.1, requirements have been added, clarified and modified to reflect changes in the security landscape since 2004 and to offer retailers alternatives that make compliance more practical. A good summary of changes in PCI v1.1 can be found at http://www.eweek.com/article2/0,1895,2016873,00.asp.
The increasing adoption of WLANs creates a new set of security threats and vulnerabilities for networks in retail stores that carry credit card data. To this end, PCI DSS v1.1 provides specific security requirements for different wireless LAN applications, from wireless in-store inventory applications to applications such as wireless Point-Of-Sale that transmit payment card information wirelessly. There are even requirements for retailers that do not operate wireless LANs but may come in contact with them in ways that could impact the security of the retailer's connection to the credit card processing network. This paper describes every requirement in the new PCI DSS v1.1 that relates to wireless LANs, along with solutions for meeting each one.
