
Contrasting Payment Card Industry Data Security Standard (PCI DSS) compliance solutions with a best practices approach to information security



If you are an organization that processes credit or debit card information, including merchants and third-party service providers that accept, capture, store, process or transmit credit or debit card data (both electronic and non-electronic), then compliance with PCI DSS is not a request or a suggestion, but a requirement. A single violation of any of the requirements can trigger an overall non-compliant status. Each non-compliant incident will result in steep fines, and in suspension and revocation of card processing privileges.


What is PCI DSS?

PCI DSS is not about data security in general; it is about credit card data security. This does not mean that PCI DSS cannot provide a good framework for non-credit card data security as well. This paper is not intended to be an analysis of the PCI DSS. Rather, it is a common-sense look at a range of information security wisdoms and best practices that can be used to assist in achieving compliance with PCI DSS, while having the additional effect of improving an organization’s overall security posture. However, it is important to summarize PCI DSS and define credit card data security, so that a frame of reference exists for understanding the usefulness of these wisdoms and best practices.

At face value, PCI DSS is a program of 6 goals and 12 requirements; but these 12 requirements break down into some 240 detailed line items. The current standard is version 1.1, with PCI DSS 1.2 expected to be released in October 2008. No details have yet been released pertaining to the new standard, but it is rumored to be evolutionary rather than revolutionary.




Copyright ©2009 The Compliance Authority, Inc.