PCI-DSS - Payment Card Industry Data Security Standard
The PCI Data Security Standard emerged recently among a cluster of other regulations that came out in the last 10 years: Basel II, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act of 2002 and California State Bulletin 1386, to name a few.
Several credit card organizations that develop and manage their own standards independently are participating in the PCI effort: Visa, MasterCard, American Express, Diners Club, Discover Card and JCB. The PCI DSS is a collaborative effort to achieve a common set of security standards for use by entities that process, store or transmit payment card data.
Scope of requirements
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. Merchants and service providers who handle payments through cards are mandated to be PCI DSS compliant.
According to PCI DSS 1.2, the security requirements apply to all "system components" that are included in or connected to the cardholder data environment. These system components include:
- Network components: firewalls, switches, routers, wireless access points, network appliances, security appliances
- Servers: web, database, authentication, mail, proxy, DNS, NTP
- All applications, internal and external, purchased or custom
Cost of non-compliance
The first thing that a non-compliant organization would be exposed to is significant fines and penalties. Visa set compliance deadlines of September 30, 2007 for the largest merchants and December 31, 2007 for the middle-sized US merchants.
Since the beginning of this year, Visa has started levying monthly fines of $25,000 to non-compliant US merchants and $5,000 to their Acquirers.
In addition to non-compliance fines (which are enforced by Visa), the PCI DSS allows the various card brands to fine a merchant for non-compliance with PCI for each incident. The fines can amount to $500,000 per incident per card brand per compromise type (PCI includes both the PCI DSS and the PCI PIN requirements). A merchant carrying 3 credit card types could end up paying $3M for each incident.
OpenText Connectivity Solutions for PCI-DSS Compliance
As a leading Connectivity solution vendor, OpenText offers a successful line of network security products which can help companies in their effort to become PCI DSS compliant.
With more than 20 years of experience in the enterprise connectivity market, OpenText Connectivity Solutions covers a broad spectrum of needs including:
- Data in transit security
- Heterogeneous networks data exchange
- Data integration and transformation
- Legacy applications access
- Access to high-end graphical Unix applications
We have been serving companies of all sizes, which have deployed our solutions in a wide variety of mission-critical environments, from market rooms to engineering offices.
If your organization hosts or interacts with credit card data, there is no doubt that you will be impacted by the PCI standard sooner or later. Contact the OpenText Connectivity Solutions Group today to find out how we can help you along the way to PCI compliance. We will assess your connectivity PCI requirements and propose the solutions that best suit your needs.