
Payment Account Secure Storage - The Payment Card Industry (PCI) Data Security Standard (DSS) Solution for Protecting Card Holder Data



Introduction

Many businesses store sensitive customer information, including name, address, social security number, and credit card data. With the advent of the Internet, this information has become increasingly vulnerable to hackers and fraudsters. In recent years, there has been a dramatic increase in the number of security compromises. In many cases, these incidents have resulted in large-scale identity and credit card theft.

In an attempt to reduce the rise in security breaches, governments, special interest groups, and credit card companies have introduced laws and regulations to help govern the storage of sensitive data. Unfortunately, the compliance burden of these laws and regulations typically falls squarely onto the business and merchant community. Furthermore, to comply with the new regulations and protect themselves against embarrassing data compromises, businesses and merchants are often required to invest an inordinate amount of time and money in everything from high-tech tools to specialized staff.

The following is a small sample of recent regulations aimed at securing data storage:

  • California issued state legislation through Senate Bill 1386 requiring all compromised businesses to notify their customers if they believe a compromise of any kind has happened; 31 states have followed suit.
  • The Gramm-Leach-Bliley Act (GLBA) of 1999 requires all financial institutions (this includes all companies providing any kind of financial product or service for customers) to ensure confidentiality of customer records and information.
  • The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to require secure storage of patient information, including all financial (billing) information.
  • The Federal Information Security Management Act is designed to defend against large-scale attacks on information. For example, a compromise of financial information the size of Card Systems, Inc. (40 million credit card numbers) would be addressed at the federal level due to the nature of the compromise.

The ubiquitous breach of credit card data has been the primary catalyst for the creation of the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS, managed by Visa, MasterCard, American Express, Discover and JCB (Japan Credit Bureau), is designed to increase the level of security related to storing, transmitting, and/or processing cardholder data.



 

Copyright ©2009 The Compliance Authority, Inc.