Guide to passing PCI's five toughest requirements
As data security breach threats increase and the Payment Card Industry (PCI) Data Security Standard's authority continues to expand, credit card-processing companies have little choice but to implement PCI's dozen requirements. Some best practices, however, are more difficult to achieve than the others. In this learning guide, Craig Norris explains how to successfully implement the five PCI DSS requirements that have been continuously stumping security professionals.
It is well known by now that the major credit card companies have collectively mandated that all members, merchants...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
and service providers storing, processing or transmitting cardholder data must adhere to the Payment Card Industry (PCI)'s "12 commandments" -- the dozen overarching best practices that make up the guideline -- or else risk possible fines and even the termination of credit card processing privileges. In addition, by Sept. 30, 2007, all Level 2 organizations -- merchants processing more than 150,000 Visa or MasterCard transactions each year or merchants that process more than 1 million transactions annually -- must be compliant with these standards. Unfortunately, the path to PCI DSS compliance can be demanding due to the amount of money, time and effort required.
This learning guide will review a few of the more challenging PCI DSS requirements and provide some tips that enterprises can use to achieve PCI DSS compliance.
![]() |
||||
|
![]() |
|||
![]() |
Sarbanes-Oxley Act compliance audit
Requirement 3: Protect stored data | 79% |
Requirement 11: Regularly test security systems and processes | 74% |
Requirement 8: Assign a unique ID to each person with computer access | 71% |
Requirement 10: Track/monitor network resources and cardholder data | 71% |
Requirement 1: Install and maintain a firewall configuration to protect data | 66% |
The Slaughterhouse-Five: Why are these problem areas?
Regardless of the fact that PCI DSS is definitely comprehensive, the list of requirements allows for 12 potential points of failure; the inability to pass any one means an organization won't be compliant. Additionally, even with the PCI DSS providing specific requirements, it can be interpreted differently by different types of organizations. Let's review the aforementioned PCI requirement failures, analyze why these might cause trouble for some organizations and discuss what measures can be taken to resolve the dilemma.
![]()
A GUIDE TO PASSING PCI'S FIVE TOUGHEST REQUIREMENTS
![]()
Requirement 3: Protecting stored data
Requirement 11: Regularly test security systems and processes
Requirement 8: Assign a unique ID to users
Requirement 10: Monitor access to network resources and data
Requirement 1: Install and maintain a firewall configuration
Conclusion
ABOUT THE AUTHOR:
Craig Norris, CISSP, CISA, G7799, MCSE, Security+, CAPM, TICSA, is a Regional Engagement Manager at an IT consulting firm in Dallas. He has been involved with information technology and security for over 12 years. He can be contacted via [email protected]. |