• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 567
  • Last Modified:

Payment Card Industry

I wanted to know where I can get information about Payment Card Industry complaince?  Specifically in PCI DSS?

Where can I get help on this?
0
vulture714
Asked:
vulture714
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
0
 
liddlerCommented:
There are many QSAs (Qualified Security Assessors) who will be only to happy to assist you in this, obviously they all cost money.  
The amount of work you will need to do depends on what level of merchant you are, I think level 1 is >$1bn revenue pa, level 2 is $500k--$1bn down to level 4.
A level 1 needs external assessment and audit, level 2 has a mixture of self and external assessment and audit.

The standards are updated each year, usually in October and PCI DSS compliance does require a lot of work (I work for a level 2 merchant)
0
 
vulture714Author Commented:
What about some type of a checklist for the office.   What I need is a checklist of what do to and what not to do when it comes to information technology.
0
 
liddlerCommented:
I'm not sure there is a simple checklist, the PCI DSS is pretty long and detailed and there are many many controls you need to adhere to.
I can give you a few starters:
Store credit card information in as few places as possibly, preferably none
Firewall all CC data from everything else
encrypt all CC traffic
Keep all systems patched up-to-date and if windows anti-virused up-to-date
Complex passwords that change regularly
2 factor authentication, especially for external access
audit log everything related to CC info and review logs for suspicious activity
0
 
btanExec ConsultantCommented:
Pls see the below resources

a) List of PCI DSS Audit Questions and Checklist
@ http://www.compliancesforum.com/download-pci-dss-audit-questions-and-checklist

b) Scanner tool to check compliance (just an example)
@ http://www.manageengine.com/products/security-manager/index.html

c) Other useful reference - check out specific security device specification checklist to comply with PSI-DSS. In particular see the Requirements for Approved Scanning Vendors (under pg 3)
@ http://www.compliancesforum.com/tag/pci-dss
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now