White Papers for Federal Financial Institutions Examination Council (FFIEC)

“Embracing PCI – Making it work for you”

SecureComputing

With the recent rise in data breaches and identity thefts, implementing a sound information security program is no longer optional. Companies processing credit card information are encouraged to embrace and implement sound data protection strategies to protect the confidentiality and integrity of payment information. As a result of this recent trend, a consortium of payment card providers collaborated to introduce the Payment Card Industry (PCI) Data Security Standard (DSS) to ensure that companies take due care and diligence in storing, processing and transmitting credit card data. The goal of PCI is to improve
data protection strategies that will allow consumers to swipe their credit cards with more confi dence and assurance that the confidentiality and integrity of their information will not be compromised.
Some of the challenges for achieving PCI compliance are outlined in this white paper, as well as successful tips to help organizations navigate through these challenges. Although challenges exist, organizations should remain encouraged and focused because there are benefi ts for achieving PCI compliance as outlined in this white paper. By achieving PCI compliance organizations eliminate unnecessary fines and penalties, heighten the awareness of PCI standards and requirements, and assist in the preparedness and readiness for upcoming PCI assessments and audits.
This white paper provides guidance on how to achieve PCI compliance and a summary analysis of the 12 security requirements of the PCI security standard. A good fi rst step toward achieving PCI compliance is embracing it while realizing no standard is perfect. The key to embracing PCI and achieving compliance is to understand that at the “heart” of the PCI standard are sound, fundamental security practices for data protection that seek to protect data confidentiality and integrity. One of the keys to understanding PCI is realizing that it’s not a security panacea, but rather the starting point to help organizations put in place a process for implementing and regularly reviewing sound information security principles for data protection.
Thus, making PCI work resides in your ability to seamlessly align and integrate PCI with your existing information security policies, procedures, standards and guidelines.

View the White Paper

Share or bookmarklet this web page at: