Securing credit card data is one of the most pressing information security challenges facing organizations today. Identity theft is the fastest-growing form of crime in the United States. In response, card associations (led by Visa and MasterCard) have created a data security standard called the Payment Card Industry (PCI) Data Security Standard (DSS). PCI DSS compliance is mandatory for all organizations that “process, store, or transmit” cardholder data. Furthermore, federal and state governments (such as Minnesota and Nevada) have added their own compliance requirements, including the Federal Trade Commission (FTC) Act and state notification laws. As a result of these compliance obligations, damages from a compromise of cardholder data often total millions of dollars.
Securing credit card data and achieving compliance require more than periodic vulnerability scanning and annual audits. True compliance is achieved when companies are able to make the right security decisions throughout the year. To do so, they are required to:
• Understand rapidly evolving security compliance obligations.
• Develop an enterprise-wide strategy and plan for achieving compliance.
• Implement required operational changes.
• Train employees on threats and compliance obligations.
• Maintain compliance throughout the year.
Small and midsize merchants are prime targets for data thieves. It is the merchant’s job to protect cardholder data at the point of sale. If cardholder data is stolen and fault is determined to lie with the merchant, the merchant could incur fines, penalties, or even termination of the right to accept payment cards. PCI Data Security Standard compliance can protect cardholder data and prevent theft.
Team SeNet follows the approach outlined below when performing PCI assessments.
1. Test Planning and Scope
2. Testing Approach and Methodology
3. Reporting and Deliverables