The current Payment Card Industry (PCI) standards have been around in various forms for over a decade. In 2004, Visa, MasterCard, Discover and JCB were the major players who combined efforts to set security compliance standards in the industry. In 2011, version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS) was released, specifying six main compliance groups:
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
Much like HIPAA, Sarbanes-Oxley and the Gramm-Leach-Bliley Act before it, the extent of regulation and PCI compliance depends largely on transactional complexity and can affect providers, merchants and small businesses differently. A Google search will quickly reveal a plethora of online PCI experts, guides, and organizations that provide PCI Compliance Certification. At their core, the PCI standards aim to provide a comprehensive guide to securing credit card related data at rest, in use, and in motion or transit.
Data encryption now plays a vital role in addressing many PCI DSS compliance needs for organizations.
For instance, by encrypting desktop, laptop and server drives, organizations can protect stored data and in turn address at least 4 of the 12 compliance requirements, listed here for your convenience:
Requirement 3: Protect stored cardholder data
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 12: Maintain a policy that addresses information security
No, this doesn’t necessarily mean that you have to go out and hire a PCI expert, or train your IT team to manage encryption to meet your PCI compliance needs. Among the simplest steps small and medium businesses (SMBs) can take towards data encryption and PCI compliance is to select PCI-compliant service providers. The right hosted payment technologies and the right partners for cloud and mobile payment security are a great start. Consider hosted / SaaS solutions for laptop, desktop and server encryption, for instance. An endpoint device encryption solution managed from the cloud can be run very efficiently, reducing in-house infrastructure, and would address the PCI compliance requirements listed above.