PCI Data Security Standards
In a Xtalks Web Conference on Tuesday, February 20, 2007, 1:00 - 3:00 p.m. EST, Seana Pitt, Chairperson of the PCI Security Standards Council and VP of Merchant Policy and Data Quality, American Express, Global Network Operations and Mark Lambert, Manager, Professional Services, Parasoft will examine how to implement PCI standards in conjunction with the other security measures and mandates companies have and how to maintain compliance in the long term. http://xtalks.com/pcidata.ashx
(PRWEB) February 7, 2007 -- In a Xtalks Web Conference on Tuesday, February 20, 2007, 1:00 - 3:00 p.m. EST, Seana Pitt, Chairperson of the PCI Security Standards Council and VP of Merchant Policy and Data Quality, American Express, Global Network Operations and Mark Lambert, Manager, Professional Services, Parasoft will examine how to implement PCI standards in conjunction with the other security measures and mandates companies have and how to maintain compliance in the long term. http://xtalks.com/pcidata.ashx
Aligning PCI Data Security Standards with Pre-Existing Privacy and Security Mandates
Payment Card Industry (PCI) data security standards came in to place on June 30, 2005, developed by Visa, Mastercard, AmEx and Discover Card. "All entities that accept credit or debit card payment, collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs." There are two things needed to meet PCI standards:
- Pass quarterly remote vulnerability scans
- Complete a security self-assessment questionnaire
As of Jan 11, 2006: According to Visa, only 15 percent of the 215 biggest retailers that accept its cards were fully compliant with the Payment Card Industry standard. MasterCard says 20 percent of its top-tier merchants have not even submitted plans for compliance. (334 merchants make up 50 percent of Visa's annual volume of largest US merchants.)
Some attribute the lack of compliance to the complexity of the standard -- it has 12 rules and 200 detailed sub-requirements governing such practices as use of firewalls and encryption of stored data. It also requires annual security audits to ensure the retailer remains in compliance.
Merchant banks whose retailers aren't PCI compliant could be fined up to $500,000. Typically, banks pass penalties along to the retailer involved. The merchant also faces loss of its card-acceptance privileges.
Under the standard, retailers fall into four categories, based on transaction volume. Level one is composed of merchants that process six million transactions annually while level four merchants process 20,000 or less transactions per year. The data security requirements vary depending upon the level. Level 1 merchants have to have the internal and external audits on a regular basis. Levels 2 - 4 only need to have the internal auditing team perform audits. (Internet Retailer April 2006).
The deadline for compliance keeps getting postponed due to the overarching failure to comply of the majority of US Merchants. November 1, 2006, was a deadline, January is going to be another, but most retailers and solutions providers believe that June of 2007 will be the true deadline. Visa will begin levying fines in the months to come on acquirers whose merchants make no progress on compliance.
Take away points include:
| | - How to implement PCI standards in conjunction with the other security measures and mandates companies have
- How to maintain compliance in the long term
|
Register for free: http://xtalks.com/pcidata.ashx
The web conference is sponsored by:
Parasoft
Parasoft is the leading provider of innovative solutions for automating software test and analysis and for establishing software error prevention practices as an integrated part of the software development lifecycle. Parasoft products and services enable software development and IT organizations to significantly improve visibility and control over the quality, costs and schedules of their software projects through the practice of Automated Error Prevention (AEP).
Parasoft's easy-to-use, scalable and customizable software error prevention solutions span the complete software development lifecycle and automatically test complex software systems from all relevant perspectives, from the Java, C/C++, and/or .NET code at the implementation layer, to the Web service / SOA at the messaging layer, to the Web front end.
Parasoft has more than 10,000 clients worldwide, including Boeing, Cisco, Disney, Ericsson, Fidelity, IBM, Lehman Brothers, Lockheed, Lexis-Nexis, Sabre Holdings, SBC and Yahoo. Founded in 1987, Parasoft is a privately-held company headquartered in Monrovia, CA. http://www.parasoft.com/
CA
CA is a recognized leader in enterprise IT security and management software. CA offers comprehensive and integrated security management solutions that enable organizations to align security with corporate business processes, achieve operational efficiency, enable regulatory compliance, mitigate operational risk, ensure service continuity and enable business growth. CA solutions address the entire spectrum of security challenges, including identity and access management, threat management, and security information and event management. CA security management solutions are in use today by the majority of the Fortune 500, helping these leading organizations reduce the complexity and cost of their security management while protecting critical corporate systems and data and enabling business growth. http://www.ca.com/security
Ecora
Proven in nearly 4,000 customer sites around the world, Ecora provides the industry's only solution for automating regulatory compliance and IT best practices reporting. Ecora is a critical business partner to those organizations looking to not only ensure -- but prove -- continual compliance with government and regulatory requirements including Sarbanes-Oxley, GLBA, Basel II and HIPAA. The Ecora solutions dive even further with its powerful insight to help you prove and report on adherence to industry standards such as PCI and SAS 70. And the compounded challenges created by evolving threats to the security of the IT infrastructure are virtually eliminated once the Ecora solutions help you take back control with automated and deep IT systems change and compliance reporting, disaster recovery and policy-based impact reporting. For more information, visit http://www.ecora.com
About Xtalks
Xtalks brings industry experts to executives' desktops around the world in a web-based information network that provides insight into breaking business issues through interactive digital web conferences. Xtalks web conferences allow anyone with interest in a particular topic to participate in a web meeting by synchronizing their desktop computer and phone alongside industry experts. Xtalks is part of The Honeycomb Worldwide Group of Companies.
Honeycomb Worldwide creates peer-to-peer business-oriented social networking communities, connecting senior level executives by delivering content through new and established media channels. www.honeycombworldwide.com
For more information on this conference or Xtalks in general, or to enquire about speaking opportunities or sponsoring future events, visit www.xtalks.com or contact Karen Anderson, Chief Marketing Officer, at 312-977-1166.
Register: http://xtalks.com/pcidata.ashx
###
|
