Merchants 5 Step Guide
To PCI Compliance
|
ISO / Acquirers 5 Step Guide
To PCI Compliance
|
|
UPDATED PCI COMPLIANCE STANDARD
In September of 2006, the five leading payment brands formed an independent council to manage the Payment Card Industry (PCI) Data Security Standard. American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International saw the need to secure payment account data in a globally consistent manner. The new council will develop a system that will be more accessible and efficient for all merchants, processors, point-of-sale (POS) vendors and financial institution. As a result, the ongoing monitoring and development will benefit more than one billion payment card users.
Duties of the PCI Security Standards Council will be to:
- Develop and maintain a global, industry-wide technical data security standard for the protection of accountholder account information;
- Reduce costs and lead times for Data Security Standard implementation and compliance by establishing common technical standards and audit procedures for use by all payment brands;
- Provide a list of globally available, qualified security solution providers via its Web site to help the industry achieve compliance;
- Lead training, education, and a streamlined process for certifying Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs), providing a single source of approval recognized by all five founding members; and
- Provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.
Seana Pitt, chairperson, PCI Security Standards Council said in the press release "Ensuring the security of electronic payments is of paramount importance to all stakeholders, not just the payment brands."
Each brand will manage its compliance requirements. Penalties will also be set by each brand.
Documents available from the council are:
Payment Card Industry Self-Assessment Questionnaire (pdf)
A new Self-Assessment Questionnaire will be available by January 1, 2007.
PCI DSS Security Audit Procedures (pdf)
This document is designed for use by assessors conducting onsite reviews for merchants and service providers required to validate compliance with Payment Card Industry (PCI) Data Security Standard (DSS) requirements. The requirements and audit procedures presented in this document are based on the PCI DSS.
PCI DSS Security Scanning Procedures
This document explains the purpose and scope of the Payment Card Industry (PCI) Security Scan for merchants and service providers who undergo PCI Security Scans to help validate compliance with the PCI Data Security Standard (DSS). Approved Scanning Vendors (ASVs) also use this document to assist merchants and service providers in determining the scope of the PCI Security Scan.
PCI DSS Summary of Changes
The Payment Card Industry Data Security Standard (DSS) v 1.1 has replaced the DSS v. January 2005, and the PCI Security Standards Council will no longer recognize DSS v. 2005 after December 31, 2006. This Summary of Changes document provides an overview of the significant differences between the two versions.
| Step 1: An Introduction to PCI Compliance
Step 2: Finding The PCI DSS Merchant, Service and Compliance Level
Step 3: Attaining PCI DSS Compliance-Merchant
Step 4: Finding a PCI DSS Approved Scanning Vendor (ASV)
Step 5: Completing the PCI DSS Self Questionnaire
|
Sponsored Listing:
 |
|
|
|
|
