Payment Card Industry (PCI) Data Security Standard
Your customers want assurance that their credit card account information is safe. However, offering your customers a safe and secure way to pay is more than just a good business practice—it’s a Visa and MasterCard processing requirement and in some states it’s becoming the law. With the rising incidence of credit card fraud, there is an ever-increasing focus on protecting consumer data. Any cardholder data obtained during the payment process is confidential, and therefore must be protected by merchants. Every merchant who touches credit card account information is responsible for safeguarding that information, and can be held liable for security compromises if they have not taken the required precautions.
To help prevent the theft of card data, Visa and MasterCard, along with other major card associations (American Express and Discover), have developed a common security standard for all merchants that process cardholder data. The PCI Data Security Standard Program applies to all entities that store, transmit or process cardholder data regardless of payment method (online, mail/telephone orders or in-person retail). The fines and penalties for non-compliance with these requirements range from $25,000 to as high as $500,000. Thus, compliance with this new standard is critical.
This new industry standard, the Payment Card Industry (PCI) Data Security Standard, is intended to ensure that merchants' card processing procedures meet certain security requirements. The following 12 requirements comprise the PCI Data Security Standards and apply to all merchants that process, transmit, or store cardholder data:
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
These standards, sometimes referred to as the "digital dozen," represent good business practices, but each standard also comprises more detailed requirements that govern the procedures for safeguarding transaction data. Many merchants have taken steps to comply with these requirements, but those that remain out of compliance face significant fines, expensive recovery costs, possible loss of ability to accept card transactions, and damage to their business reputation. These consequences are being experienced regularly by merchants that ignore compliance requirements or experience cardholder data compromises.
Global Electronic Technology, Inc. (GET) understands the importance of ensuring that our merchant customers have access to state-of-the-art tools to protect transaction information and cardholder data. We are taking an active role in helping merchants comply with the PCI Data Security Standards and will be contacting every GET merchant to provide an easy-to-use online compliance program. This program consists of a self-assessment questionnaire along with periodic certified network security scans (if applicable).
Should you have any questions regarding the PCI Data Security Standards, please do not hesitate to contact one of our Customer Service representatives at 888-775-1500. To learn more about the PCI Data Security Standards, please visit:
* http://www.pcisecuritystandards.org
* http://www.visa.com/cisp
* https://sdp.mastercardintl.com


