Data breaches targeting credit card numbers are on the rise. Despite efforts by the payment card industry, including the development of the Data Security Standard (DSS), a set of requirements designed to help merchants and other businesses protect credit card transactions and cardholder data, up to 70% of Level 1 and Level 2 credit card data handlers are reported to be not PCI compliant.
The DSS mandates the protection of cardholder data stored in databases and file systems. The difficulty is that the technological diversity of enterprise data centers, and the many different approaches to protecting data within them, create significant implementation challenges.
Below we’ve listed a few white papers and links to PCI best practices that we hope will be helpful in understanding the issues and the practices that address them.
This document, from VIAS, outlines their Best Practices for PCI compliance.
New York, January 12, 2009—The National Retail Federation announced today the release of the first installment of Best Practices for PCI developed in cooperation with PCI Knowledge Base. This release contains 25 best practices which provide guidance to companies on how leading retailers are addressing all of the requirements outlined in the PCI Data Security Standards.
Requirement 3.1 of the Payment Card Industry Data Security Standard (PCI DSS) requires that merchants keep cardholder data storage to a minimum: develop a data retention and disposal policy, and limit the amount of data stored and its retention time to what is required for business, legal, and/or regulatory purposes, as documented in that policy.
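Before a retention and disposal policy can be enforced, you have to know where primary account numbers (PANs) actually sit. The following is an added example written for this page, not code from any of the linked resources or from the PCI Security Standards Council: it scans text for Luhn-valid 13 to 19 digit sequences, masks what it finds, and flags files whose last-modified time falls outside an assumed 90-day retention window. The sample files, timestamps and the retention period are constructed for the illustration; the candidate-PAN regex and the Luhn check are standard techniques, not anything the standard prescribes.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits. Longer digit runs (e.g. a 20-digit ID) do not match.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if a digits-only string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return unique, digits-only, Luhn-valid PAN candidates found in text."""
    found: List[str] = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits) and digits not in found:
            found.append(digits)
    return found


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits so a report never re-stores a full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def retention_report(files: Dict[str, Tuple[str, datetime]],
                     retention_days: int, now: datetime) -> List[dict]:
    """For each file holding PANs, report masked PANs and whether the file
    is older than the retention window and is therefore due for disposal."""
    cutoff = now - timedelta(days=retention_days)
    findings = []
    for name, (text, mtime) in files.items():
        pans = find_pans(text)
        if not pans:
            continue
        findings.append({
            "file": name,
            "pans": [mask_pan(p) for p in pans],
            "expired": mtime < cutoff,
        })
    return findings


# Constructed sample data: file name -> (contents, last-modified time).
# 4111111111111111 and 5500000000000004 are well-known test card numbers.
NOW = datetime(2009, 1, 12, tzinfo=timezone.utc)
SAMPLE_FILES = {
    "orders-2008-09.log": ("auth ok card 4111 1111 1111 1111 amt 19.99",
                           datetime(2008, 9, 1, tzinfo=timezone.utc)),
    "support-ticket.txt": ("customer called from 555-0100 about order 1234567890123",
                           datetime(2008, 6, 1, tzinfo=timezone.utc)),
    "batch-today.csv": ("5500-0000-0000-0004,42.00,approved",
                        datetime(2009, 1, 10, tzinfo=timezone.utc)),
}
RETENTION_DAYS = 90  # assumed policy value for the example


def run_example() -> List[dict]:
    return retention_report(SAMPLE_FILES, RETENTION_DAYS, NOW)


if __name__ == "__main__":
    for f in run_example():
        status = "DISPOSE (past retention)" if f["expired"] else "within retention"
        print(f"{f['file']}: {', '.join(f['pans'])} -> {status}")
```

The Luhn check removes most false positives from order numbers and phone numbers, but not all: a 16-digit identifier that happens to pass Luhn will still be reported, so treat the output as a worklist for the retention policy rather than proof of a violation.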
The PCI Security Standards Council provides the following Prioritized Approach to help stakeholders understand where they can act to reduce risk earlier in the compliance process. No single milestone in the Prioritized Approach will provide comprehensive security or PCI DSS compliance, but following its guidelines will help stakeholders to expedite the process of securing cardholder data.