PCI DSS Compliance Checklist

Here are the 12 primary requirements of the PCI DSS, as titled in the early (v1.x) releases of the standard; later versions reword the titles but keep the same twelve-requirement structure:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
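The checklist states what Requirement 3 (protect stored cardholder data) and Requirement 10 (track and monitor access) demand, but not how to catch the most common failure in practice: a full primary account number (PAN) written into application logs or a database column that was never meant to hold it. The Python below is an example added for this page, not PCI SSC material or any vendor's tooling. It scans constructed log lines for card-number-shaped digit strings, confirms them with the Luhn check digit that card numbers carry (ISO/IEC 7812), and masks confirmed PANs to the first six and last four digits, the maximum the standard's display-masking rule allows. The log lines, the candidate pattern and the 13 to 19 digit length window are assumptions made for the example.

```python
"""Added example: find and mask unmasked PANs in text such as application logs.

Illustrative code written for this page (not PCI SSC or vendor tooling).
Assumptions: PANs are 13-19 digits, optionally separated by spaces or
dashes, and carry a Luhn check digit; masking keeps first six / last four.
"""
import re
from typing import List

# Candidate PAN: 13-19 digits, optional single space or dash between digits,
# not embedded in a longer run of digits. Assumed pattern for this example.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines (not real transactions). Line 1 holds an order
# number that is not Luhn-valid and a Visa-style test PAN with spaces; line 2 a
# Mastercard-style test PAN with dashes; line 3 a number that fails Luhn.
LOG_SAMPLE = (
    "2013-01-09 15:02:11 INFO order=1234567890123456 pan=4111 1111 1111 1111 amount=19.99\n"
    "2013-01-09 15:02:12 INFO order=1234567890123457 pan=5555-5555-5555-4444 amount=5.00\n"
    "2013-01-09 15:02:13 WARN pan=4111111111111112 rejected\n"
)


def luhn_valid(digits: str) -> bool:
    """Return True if digits (no separators) pass the Luhn check."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Mask a PAN, keeping at most the first six and last four digits."""
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[-keep_last:]


def _strip(candidate: str) -> str:
    """Remove the separators the candidate pattern allows."""
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> List[str]:
    """Return every Luhn-valid PAN found in text, separators stripped."""
    return [
        _strip(m.group(0))
        for m in _CANDIDATE.finditer(text)
        if luhn_valid(_strip(m.group(0)))
    ]


def redact_pans(text: str) -> str:
    """Replace each Luhn-valid PAN in text with its masked form.

    Digit strings that look like a PAN but fail Luhn (order numbers,
    timestamps, mistyped numbers) are left untouched so the log stays usable.
    """
    def _sub(m: "re.Match[str]") -> str:
        digits = _strip(m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)

    return _CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    for pan in find_pans(LOG_SAMPLE):
        print("unmasked PAN in log:", mask_pan(pan))
    print(redact_pans(LOG_SAMPLE))
```

Running the scanner over a log directory before it is shipped to a SIEM, or as a unit test over the output of the logging layer, gives a concrete check that the application honours Requirement 3 rather than a policy statement that it does. The Luhn filter matters: without it, every order number, tracking number and timestamp of the right length would be flagged and masked.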

Payment Card Industry Data Security Standard (PCI DSS)
With e-commerce on the rise, a growing share of financial transactions take place online, and many of them are credit card payments. The growth in online payments has brought a corresponding growth in credit card fraud. Card numbers and cardholder data are sensitive information that must be protected so that misuse is prevented and the data stays secure.

As a strategic security measure, companies and vendors that handle credit and debit card information must therefore comply with stringent security standards drawn up by the major card brands (Visa, MasterCard, American Express and others) so that breaches are prevented and cardholder data is safeguarded. The standard to be followed is a set of security requirements known as the Payment Card Industry Data Security Standard (PCI DSS). It applies to all members, merchants and service providers that store, process or transmit cardholder data, regardless of transaction type (point of sale, phone, e-commerce, etc.).

What is the PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. It is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It represents a set of rules that businesses processing cardholder information must adhere to in order to keep that data protected. The PCI Data Security Standard comprises 12 general requirements, grouped under six goals:

Build and maintain a secure network
Protect cardholder data
Ensure the maintenance of vulnerability management programs
Implement strong access control measures
Regularly monitor and test networks
Ensure the maintenance of information security policies
The standard is governed by the PCI Security Standards Council: https://www.pcisecuritystandards.org

Why should you comply with PCI DSS?

Organizations that store and handle their customers' credit card information, whatever their size or line of business, are at high risk of cardholder data being misappropriated by criminals and others with malicious intent. Such breaches result in fines levied by the card companies, litigation, loss of trust and, eventually, loss of business. Moreover, the card companies set a deadline for achieving PCI DSS compliance: December 2007. They levy fines of up to $500,000 on businesses that fail to comply within the stipulated time frame. Companies that are found non-compliant and suffer a data loss also risk losing the right to handle cardholder data at all. As a result, achieving PCI DSS compliance is a top priority for such companies.


Computer Hacking Liability – Are You At Risk?

Presented by McNair Law Firm, P.A.

Please join us for the
InnoVision Forum:

Computer Hacking Liability – Are You At Risk?
What To Do To Avoid Data Breaches and Hacking and
What To Do If You are Hacked

From the US Government to the State of South Carolina, companies and organizations of all sizes are under attack from hackers. The threat has escalated to the point that cyber security professionals admit 100% prevention is almost impossible to achieve. According to Verizon's 2011 report, small and medium sized businesses, as well as governments and municipalities, are the main targets. Please join us to discuss the legal liability that hacking creates for you and your company, leading edge prevention measures, and your obligations in the event that a breach is suspected or discovered. We will also discuss the role of the financial institution in these circumstances.

PANEL INCLUDES:

Douglas W. Kim
Attorney
McNair Law Firm, P.A.

• Doug will discuss the current laws concerning security requirements, including the Red Flag Rules, PCI compliance, South Carolina specific laws and recent cases involving hacking. His discussion will include the recent case in which a bank was required to repay a customer monies lost to hackers ($345,000.00).

Frank Mobley
Founder and CEO
Immedion, LLC

• Frank will discuss current IT security risks and the prevalence and methods of hacking. He will also cover how you can better protect your organization against illicit and illegal attempts to obtain private information.

Deveren Werne
Founder of Mojoe.net and
Principal of Liquid Video Technologies, Inc.

• Deveren will explain PCI compliance for businesses: why a business should be PCI compliant, what the repercussions of non-compliance are, and what a business should do to become compliant from both a hardware and a software perspective.

Wednesday, January 9, 2013
3:00 pm – 5:00 pm Presentations ~ 5:00 pm – 7:00 pm Networking
Location – McNair Law Firm, P.A., Poinsett Plaza, Suite 700, 104 S. Main Street, Greenville, SC

Seating is limited, so please respond early

RSVP to Kathy Ham by email: kham@mcnair.net or by phone: (864) 552-9345

Founding Sponsor:
Deloitte Founding Sponsor of InnoVision Awards

www.innovisionawards.org
Celebrating excellence. Honoring distinction. Applauding innovation.

Security Breach – South Carolina Department of Revenue

COLUMBIA — Last week South Carolina Department of Revenue (DOR) Director Jim Etter announced that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers had been exposed in a cyber attack.

Governor Nikki Haley, South Carolina Law Enforcement Division (SLED) Chief Mark Keel and Etter briefed reporters earlier this week on the S.C. DOR information security breach and outlined additional consumer safety solutions, including extended fraud resolution and coverage for dependents who are minors, available to South Carolina taxpayers.

As of Tuesday morning, the Experian call center set up to assist South Carolina taxpayers had received approximately 533,000 calls and approximately 287,000 sign-ups for Experian’s ProtectMyID program. Access to unlimited fraud resolution beyond the one year enrollment period is included in Experian’s ProtectMyID membership and available to any taxpayer affected by DOR’s information security breach. Taxpayers who sign up for protection will also be notified — by email or letter — about how to sign up for a “Family Secure Plan” if they claim minors as dependents.

Gov. Haley and Chief Keel reiterated that anyone who has filed a South Carolina tax return since 1998 should take the following steps:

• Call 1-866-578-5422 to enroll in a consumer protection service. (The call center is open 9:00 a.m. – 9:00 p.m. EST on Monday through Friday and 11:00 a.m. – 8:00 p.m. EST on Saturday and Sunday.)

• For any South Carolina taxpayer who wishes to bypass the telephone option, there currently is an online service available at http://www.protectmyid.com/scdor. Enter the code SCDOR123 when prompted. South Carolina taxpayers have until the end of January, 2013 to sign up.

Experian’s ProtectMyID™ Alert is designed to detect, protect and resolve potential identity theft, and includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year, and consumers will continue to have access to fraud resolution agents and services beyond the first year. Complimentary 12-month ProtectMyID memberships available to South Carolina taxpayers affected by the DOR information security breach include:

• Credit Report: A free copy of your Experian credit report.

• Daily 3 Bureau Credit Monitoring: Alerts you of suspicious activity including new inquiries, newly opened accounts, delinquencies, or medical collections found on your Experian, Equifax® and TransUnion® credit reports.

• Identity Theft Resolution: If you have been a victim of identity theft, you will be assigned a dedicated, U.S.-based Experian Identity Theft Resolution Agent who will walk you through the fraud resolution process, from start to finish.

• ExtendCARE: Full access to the same personalized assistance from a highly-trained Fraud Resolution Agent even after your initial ProtectMyID membership expires.

• $1 Million Identity Theft Insurance: As a ProtectMyID member, you are immediately covered by a $1 Million insurance policy that can help you cover certain costs including, lost wages, private investigator fees, and unauthorized electronic fund transfers.

Liquid Video Technologies can protect your network and information from Security Breaches.

Read more: The Cheraw Chronicle – State officials update security breach