Acunetix Publishes PCI Compliance Guide

Businesses that rely on payment by credit cards are required to comply with the PCI security standards by September 2007. Non-compliance could result in loss of the merchant account, severe fines and lawsuits. In view of these new regulations, Acunetix has published a PCI Compliance Guide to help companies understand the concept behind the Payment Card Industry standard and to document the steps needed to reach compliance.

PCI Compliance is a structured security checklist which aims at securing financial data and helps to distinguish secure and reliable businesses from risky ones. The Payment Card Industry Data Security Standard was created in a joint effort by the major credit card companies (American Express, Visa, MasterCard and Discover) to monitor and develop the PCI standard. Consumers who use credit or debit cards online to purchase products or services risk suffering financial losses when businesses process their transactions through systems which are not secure. The PCI standard aims to stop online financial and identity theft at its source by ensuring that the systems which process and store customer details are secure.

The PCI compliance specification describes a set of requirements which participating businesses must observe to ensure that correct measures are taken to secure all data, both internal and externally exposed. The Acunetix PCI Compliance Guide describes the following categories in detail:
1. Secure Network Design and Maintenance;
2. Cardholder Data Protection;
3. Vulnerability Management Program Maintenance;
4. Strong Access Control Measures Implementation;
5. Regular Network Testing and Monitoring;
6. Information Security Policy Maintenance.

All businesses which apply the PCI compliance procedure must use the services of approved companies to perform compliance security scans. The results of these scans are issued in detailed compliance reports, which are then used for approval under the requirements of the specific card company. The PCI Compliance specification is more than just a rule set by which organizations must abide. It is also a guideline which provides a method to trace and secure all the potential security flaws which might be exploited. Detecting these potential flaws is made easier by using tools such as web vulnerability scanners and network scanners.

The PCI Compliance Guide is available here.



© 2007 Computing News