Welcome!

Agile Computing Authors: Elizabeth White, Pat Romanski, Liz McMillan, Yeshim Deniz, Andy Thurai

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Cognitive Computing , Agile Computing, Release Management

Cloud Security: Article

What Are the Basics of PCI DSS?

Why is it so important to businesses today?

First, PCI DSS stands for Payment Card Industry Data Security Standard. It started out as a series of five separate programs, namely: American Express Data Security Operating Policy, Discover Information and Compliance, JCB Data Security Program, MasterCard Site Data Protection and Visa Card Information Security Program.

While each program was unique and came from different (in some cases, competing) brands, the overall aim was the same throughout: to ensure merchants meet minimum levels of security in storing, processing and transmitting cardholder data in order to better protect card issuers.

The five separate but similar policies were eventually collated in 2004 when the PCI DSS was created. Soon afterward, each company aligned their own policies to correlate with that of the new industry standard.

Updates
Since its creation in 2004, the PCI DSS policy has undergone numerous updates in order to keep on top of recent developments, whilst improving clarity and flexibility. One of the largest of these updates came in 2009 when the PCI DSS was amended to deal with wireless transactions. This brought about the recommendation for all firms to use a Wireless Intrusion Prevention System to remain PCI DSS-compliant in the new marketplace.

Another sizeable update came in 2010 regarding call centre work. Often in call centre work, customers are asked to read out their card information, including the CVV code, to the person on the other end. Furthermore, the majority of calls are recorded for security and training purposes, meaning that others in the call centre can gain access to the recordings without needing to undergo security clearance. This made the process of 'skimming' details incredibly easy.

This practice leads to revisions into procedure for call centre recordings. Now, call centres are not permitted to store recordings that include the three-digit CVV number if they can be queried.

Requirements
When in operation, PCI DSS is aimed at providing 12 requirements to cover six main control objectives. The first objective is to build and maintain a secure network. To ensure compliance, businesses need to install and maintain a firewall to protect cardholder data. They must also not use vendor-supplied defaults for their security measures (such as using 'password', the business name or '0000' as a passwords or codes).

Secondly, in order to protect cardholder data, businesses must protect any information they have stored on system and ensure that any data that is transmitted across open, public networks is comprehensively encrypted.

The third control objective is to maintain a vulnerability management programme. To attain compliance, businesses must use and maintain anti-virus software on all their systems that may otherwise be affected by malware. This must be kept up-to-date at all times to guarantee protection against even the newest threats. Businesses must also develop and maintain secure systems and applications across the network.

To implement strong access control measures (the fourth objective), businesses must restrict access to cardholder data by business on a need-to-know basis. They must then assign each different computer user with a unique ID so usage can be tracked back to each individual. Firms must also restrict physical access to cardholder data.

The fifth objective tasks firms with regularly monitoring and testing their networks. To ensure compliance here, businesses must track and monitor all access to network resources and cardholder data, as well as regularly test their security systems/processes.

Lastly, businesses must ensure they maintain a policy that addresses information security.

Keeping up to date with PCI DSS can be a large undertaking for a brand, but high-profile cases of firms that have seen their security breached - as well as the fall-out that came afterwards - shows just how important it is to stick closely to the best practice guidelines.

More Stories By Dominic Monkhouse

Dominic Monkhouse joined PEER 1 Hosting as managing director of the company's new UK operations in January, 2009, bringing more than 14 years of IT industry experience to the team. He is the key executive responsible for building and growing PEER 1 Hosting's expansion into Europe. In his role as managing director, Dominic is responsible for sales, marketing and service delivery across PEER 1 Hosting's UK business and ensuring overall customer satisfaction. His role is integral to the company's continued commitment to customer service.

Before joining PEER 1 Hosting, Dominic served as managing director of IT Lab, where he was able to quickly transform the company into the fastest growing IT service provider in the UK SME market. Prior to IT Lab, he was managing director of Rackspace, which grew from a staff of four to 150 under his guidance.

Dominic has a Bachelor of Science in Agricultural and Food Marketing from Newcastle University and a MBA from Sheffield Business School in the UK. He frequently participates in public speaking events on the topic of creating great places to work and achieving continuous client satisfaction. He also is involved as a judge of the Sunday Times Customer Experience Awards.

IoT & Smart Cities Stories
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...