White Papers for Federal Financial Institutions Examination Council (FFIEC)

PCI Compliance: The CA Solution
Computer Associates

The PCI standard does not mandate specific technology or products. Rather, it defines industry best practices for how credit card information should be handled, communicated and stored in order to reduce the probability of unauthorized access to that information. Many of the requirements of PCI relate to strengthening the security perimeter – ensuring that the “bad guys” don’t get access to any internal systems or data that contain cardholder information. However, a number of recent events, such as the CardSystems scandal, illustrate that it is often the insider who is the cause of a major security breach. Therefore, the PCI standard includes a number of requirements whose sole purpose is to limit the access of employees of the vendor or services organization to full customer credit card information. The number of employees who are permitted to see the full credit card number, for example, is strictly limited only to those individuals who clearly “need to know” this information.
Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.