What is the role of user authentication in PCI compliance?
Passwords Just Aren’t Enough
Password phishing is up dramatically, and new, more sophisticated phishing methods have emerged. It’s clear that passwords are highly susceptible to attack, and agents can’t be trusted to employ best practices with regard to storing and changing their passwords, let alone protecting their PC from malware that could be used to snoop their passwords. Two-factor authentication (using a password, something you know, plus a second method, such as something you have or...
What if I am not PCI compliant?
Enforcement of compliance is done by the bodies holding relationships with the in-scope organisations. Thus, for organisations processing Visa or Mastercard transactions, compliance is enforced by the organisation’s acquirer, while organisations handling American Express transactions deal directly with American Express for the purposes of compliance. In the case of third-party suppliers, such as hosting companies, who have business relationships with in-scope organisations, enforcement of...
What are the PCI DSS Requirements?
The current version of the standard (1.2) specifies 12 requirements for compliance, organized into six logically related groups, which are called “control objectives.”
Control Objectives and PCI DSS Requirements
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission...
What is the Payment Card Industry (PCI) Data Security Standard?
The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or pass cardholder information from any card branded with the logo of one of the card brands. The...
Resource Sites
PCI Information
PCISecurityStandards.org
Wikipedia
Visa
Associations
Consumer Data Industry Association
Society of Payment Security Professionals
Merchant Risk Council
Related Products/Services
PhoneFactor – Two Factor Authentication
Phone Authentication
Tokenless Two-Factor Authentication