


Strengthened security
Published in The Saudi Gazette on 27 - 05 - 2016

In today's world, using a credit card is a fact of life. The credit cards we use so often carry important information that, if compromised during use, could cause damage to cardholders, merchants and the card brands. A credit card carries cardholder data that includes the full Primary Account Number (PAN), cardholder name, expiration date and service code. It also includes authentication data on the magnetic stripe.
In this era of data-centric living, a single breach could throw many people's lives awry. Compromised data, if it falls into the wrong hands, could wreak havoc, as it did recently in 2013.
One of the major data breaches happened to the Target discount retail store. As many as 70 million customers' credit cards were stolen. The credit card theft happened between Nov. 27 and Dec. 15, 2013. The stolen information included customer names, credit or debit card numbers, the card's expiration date and CVV (card verification value), as well as customer information. This included names, mailing addresses, phone numbers and mail address.
As a result, Target's sales dropped, and so did its share earnings. For the customer, the breach also increased the possibility of identity theft. Once an identity is stolen, the thief can do many things that would be detrimental to the customer. Among other things, the thief can get a new credit card in your name and access your bank accounts.
In 2004, the major credit card brands (Discover, American Express, MasterCard, Visa and JCB) formed the Payment Card Industry Security Standards Council (PCI SSC) to facilitate the development of standards that would serve as a common set of minimum security requirements to be implemented by all merchants and service providers that process, store or transmit credit card information. In June 2005, the PCI SSC announced the Payment Card Industry Data Security Standard (PCI DSS) protocol, and it went into effect soon after.
PCI SSC manages three different standards. The first covers everything from physical security to logical security. The second covers the Payment Application Data Standard (PADSS). There are thousands of PADSS-compliant applications listed on the PCI DSS website, which merchants can buy off the shelf. The last standard is the PIN Transaction System (PTS). PCI SSC certifies all devices that process credit card PINs.
PCI applies to every company that accepts credit cards; this includes retail point-of-sale services and mail/phone order. If your company accepts credit cards as payment for goods or services, then you should be aware of the Payment Card Industry (PCI) data security standards (DSS). These standards were created to protect the credit card information of all consumers.
This awareness should be made clear to both the consumer and the company, so that data security is enhanced while the chances of identity theft or a security breach are reduced.
There are many benefits for your credit card processing system when it becomes compliant with PCI DSS. The first benefit of deploying PCI DSS is peace of mind: knowing that your organization has done everything it can to ensure the safety and security of customers' payment card data, and that the deployed standards have been developed thoroughly.
The second benefit of PCI DSS compliance is a good customer relationship. Customers will be more comfortable dealing with merchants that are PCI DSS certified because they know that their credit card information is protected. An improved relationship with customers more often translates into more profits.
Another benefit of PCI DSS compliance is that it becomes an integral part of any vulnerability management plan. Being PCI DSS compliant will drastically reduce the non-compliance findings when performing penetration testing and vulnerability scanning, and that in turn will reduce the cost.
Since this protocol is the de facto standard protocol around the world, it will be easier for other international organizations to deal with your organization if you are PCI DSS compliant. In addition, when an organization branches out internationally to places where PCI DSS is mandatory, this will push all of the company's activities related to credit card processing to be PCI DSS compliant.
Meeting PCI security requirements is very important to you if your business accepts credit cards for goods or services. Even though PCI is not, in itself, a law, PCI DSS is mandatory for all. Nothing is voluntary.
More than 80 percent of data stolen in breaches is payment card data, according to the 2009 Verizon Business Data Breach Report. The biggest challenge for the industry is education. Some small businesses don't know that they are responsible for being PCI compliant.
PCI SSC states that if you handle credit card information, you must be compliant with PCI standards. That is a global rule. Merchants that do not comply with PCI DSS may be subject to fines, costly forensic audits, etc., should a breach event occur.
The PCI DSS is a set of 12 specific requirements that cover six different goals. It covers what to secure and how to become secure.
PCI DSS: Goals
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy
PCI DSS: 12 specific requirements
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

