A merchant is defined as any entity that accepts payment cards bearing the logos of the five payment brands (American Express, Discover, JCB, MasterCard, or Visa).
The PCI Security Standards Council defines a service provider as a business entity that is not a payment brand and that is directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data.
Note that a merchant that accepts payment cards as payment for goods and/or services can also be a service provider, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant when it accepts payment cards for monthly billing, but it is also a service provider if it hosts merchants as customers.
As a merchant, you are required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.
The core of PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
Requirement 1 – Install and maintain a firewall configuration to protect cardholder data
Requirement 2 – Do not use vendor–supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3 – Protect stored cardholder data
Requirement 4 – Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5 – Use and regularly update anti–virus software
Requirement 6 – Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7 – Restrict access to cardholder data by business need–to–know
Requirement 8 – Assign a unique ID to each person with computer access
Requirement 9 – Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10 – Track and monitor all access to network resources and cardholder data
Requirement 11 – Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12 – Maintain a policy that addresses information security
Outsourcing the payment page doesn't eliminate your PCI DSS responsibility. When you outsource to a third-party service provider, the point of redirection needs to be protected. You also have ...