PCI Compliance: What It Means For E-Merchants

The numbers are staggering. A billion people use credit cards for all manner of financial transactions, and increasing credit card use has brought increasing abuse. Bank of America, Citigroup, Hotels.com, LexisNexis and Polo by Ralph Lauren are but a few of the large companies that have suffered data security breaches.

A Brief History of the PCI Data Security Standard

As calls for government intervention increased, the major credit card companies took the initiative and created the Payment Card Industry Data Security Standard (PCI DSS). It establishes common processes and precautions for handling, processing, storing and transmitting credit card data. In September 2006 the five leading payment brands, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, jointly announced the formation of the PCI Security Standards Council to manage the standard. Every e-commerce merchant that wants to take plastic has to conform to it. Non-compliance can result in heavy fines or in being barred from accepting credit cards altogether.

The Merchant’s Responsibility

The PCI Data Security Standard applies to every payment card network member, merchant and service provider that stores, processes or transmits cardholder data. Its twelve requirements are organized under six control objectives:

  1. Build and Maintain a Secure Network
    • Install and maintain a firewall configuration to protect cardholder data
    • Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    • Protect stored cardholder data
    • Encrypt transmission of cardholder data across open, public networks
  3. Maintain a Vulnerability Management Program
    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    • Restrict access to cardholder data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes
  6. Maintain an Information Security Policy
    • Maintain a policy that addresses information security

Call for the Pros

Most merchants validate compliance by completing a self-assessment questionnaire (SAQ); the largest merchants instead undergo an annual on-site assessment. Every merchant must also have external network security scans performed quarterly by a PCI-approved scanning vendor (ASV). Scan requirements are rigorous: every externally reachable system must be scanned on all 65,535 TCP ports, every serious vulnerability found must be remedied and confirmed fixed by a rescan, and two reports must be issued: a technical report that details each vulnerability detected along with the steps needed to remediate it, and an executive summary with a PCI-approved compliance statement suitable for submission to your acquiring bank for validation. This is a complex service and should be handled by experts.

The Qualys Solution

We recommend industry leader Qualys for your PCI compliance needs. QualysGuard PCI is delivered on demand as a Web application, with no hardware or software to install, and lets merchants complete the validation requirements that apply to them. With QualysGuard PCI, users can complete and submit the PCI self-assessment questionnaire online and run pre-defined PCI scans against all of their external systems to identify and resolve the network and system vulnerabilities the standard requires them to fix.

Register now for a 14-day free trial of QualysGuard PCI to see how your network measures up to the PCI Data Security Standard: http://pci.solidcactus.com

The bad news is you must be PCI compliant. The good news is Qualys can make this whole procedure relatively painless. Take a free test drive! Enjoy!

Kevin Lynn, Wordsmith

Posted by Solid Cactus on Apr 16, 2007


© 2002 - 2008 Solid Cactus Inc. All Rights Reserved.