PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI-DSS)

The PCI DSS is a set of requirements for resilient payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to put consistent data security measures and practices in place on a global basis. The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption. For example, PCI-DSS 1.1 has set the firewall standard that, from June 2008, PCI DSS companies will deploy Layer-7-aware firewalls, which means application-layer firewalls for perimeter security, and real-time log analysis using correlation technology for fast processing of any attack on or intrusion into card data. The core of the PCI DSS is a group of principles and accompanying requirements around which the specific elements of the DSS are organized. There are 12 domains of security that need to have controls and control objectives:

BUILD AND MAINTAIN A SECURE NETWORK

Install and maintain a firewall configuration to protect cardholder data

Do not use vendor-supplied defaults for system passwords and other security parameters

IMPLEMENT STRONG ACCESS CONTROL MEASURES

Restrict access to cardholder data by business need-to-know

Assign a unique ID to each person with computer access

Restrict physical access to cardholder data

REGULARLY MONITOR AND TEST NETWORKS

Track and monitor all access to network resources and cardholder data

Regularly test security systems and processes

MAINTAIN AN INFORMATION SECURITY POLICY

Maintain a policy that addresses information security
