
Payment Card Industry

Posted on 2011-03-23
Last Modified: 2012-05-11
I wanted to know where I can get information about Payment Card Industry compliance? Specifically in PCI DSS?

Where can I get help on this?
Question by:vulture714
5 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35204839
0
 
LVL 18

Expert Comment

by:liddler
ID: 35205158
There are many QSAs (Qualified Security Assessors) who will be only too happy to assist you in this; obviously they all cost money.
The amount of work you will need to do depends on what level of merchant you are. I think level 1 is >$1bn revenue pa, level 2 is $500k-$1bn, down to level 4.
A level 1 needs external assessment and audit, level 2 has a mixture of self and external assessment and audit.

The standards are updated each year, usually in October, and PCI DSS compliance does require a lot of work (I work for a level 2 merchant).
0
 

Author Comment

by:vulture714
ID: 35210440
What about some type of a checklist for the office? What I need is a checklist of what to do and what not to do when it comes to information technology.
0
 
LVL 18

Expert Comment

by:liddler
ID: 35213074
I'm not sure there is a simple checklist; the PCI DSS is pretty long and detailed and there are many, many controls you need to adhere to.
I can give you a few starters:
Store credit card information in as few places as possible, preferably none
Firewall all CC data from everything else
Encrypt all CC traffic
Keep all systems patched up-to-date and, if Windows, anti-virused up-to-date
Complex passwords that change regularly
2 factor authentication, especially for external access
Audit log everything related to CC info and review logs for suspicious activity
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 35221049
Pls see the below resources

a) List of PCI DSS Audit Questions and Checklist
@ http://www.compliancesforum.com/download-pci-dss-audit-questions-and-checklist

b) Scanner tool to check compliance (just an example)
@ http://www.manageengine.com/products/security-manager/index.html

c) Other useful reference - check out specific security device specification checklist to comply with PCI-DSS. In particular see the Requirements for Approved Scanning Vendors (under pg 3)
@ http://www.compliancesforum.com/tag/pci-dss
0
