Navigating Through Choppy Waters of PCI DSS Compliance

2017 ◽  
pp. 99-140
Author(s):  
Amrita Nanda ◽  
Priyal Popat ◽  
Deepak Vimalkumar
Keyword(s):  
Financial Institutions ◽  
Data Security ◽  
Credit Card ◽  
Holistic Approach ◽  
Security Breaches ◽  
High Profile ◽  
Pci Dss ◽  
Compliance Requirements ◽  
Security Standard

PCI Data Security Standard is increasingly becoming one of the major compliance requirements all organizations are concerned about. This chapter taking a holistic approach, provides an overview of various components of PCI DSS. We discuss various versions of PCI DSS and the industries affected by this standard, the scope and requirements to comply and hesitation on part of most companies to imbibe it. We also look at the high-profile credit card breaches which have occurred recently and their impact on concerned industries. Additionally, we focus on the challenges faced by financial institutions to effectively meet PCI DSS requirements. Based on our analysis of different requirements of PCI DSS, challenges faced by organizations and recent security breaches of companies which were PCI DSS complaint at the time of breach, we propose recommendations to help organizations secure their cardholder data beyond the achieved compliance in place.

Navigating Through Choppy Waters of PCI DSS Compliance

2018 ◽  
pp. 1093-1124
Author(s):  
Amrita Nanda ◽  
Priyal Popat ◽  
Deepak Vimalkumar
Keyword(s):  
Financial Institutions ◽  
Data Security ◽  
Credit Card ◽  
Holistic Approach ◽  
Security Breaches ◽  
High Profile ◽  
Pci Dss ◽  
Compliance Requirements ◽  
Security Standard

PCI Data Security Standard is increasingly becoming one of the major compliance requirements all organizations are concerned about. This chapter taking a holistic approach, provides an overview of various components of PCI DSS. We discuss various versions of PCI DSS and the industries affected by this standard, the scope and requirements to comply and hesitation on part of most companies to imbibe it. We also look at the high-profile credit card breaches which have occurred recently and their impact on concerned industries. Additionally, we focus on the challenges faced by financial institutions to effectively meet PCI DSS requirements. Based on our analysis of different requirements of PCI DSS, challenges faced by organizations and recent security breaches of companies which were PCI DSS complaint at the time of breach, we propose recommendations to help organizations secure their cardholder data beyond the achieved compliance in place.

scholarly journals General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance

2021 ◽  
Vol 15 (2) ◽  
pp. 91-104
Author(s):  
Khairur Razikin ◽  
Agus Widodo
Keyword(s):  
Data Security ◽  
Assessment Tool ◽  
Assessment Model ◽  
Model Assessment ◽  
Industry Data ◽  
Maturity Level ◽  
Payment Card ◽  
Pci Dss ◽  
Use Of Technology ◽  
Security Standard

The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification as one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain certification. PCI-DSS to produce practical cybersecurity measures, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5 as the highest level at maturity level.

scholarly journals Study case Remote Access for PCI DSS Compliance at Company in Jakarta

2016 ◽  
Vol 3 (2) ◽  
pp. 35-41
Author(s):  
Rony Andry Anthony Sihotang
Keyword(s):  
Data Security ◽  
Remote Access ◽  
Team Development ◽  
Pci Dss ◽  
Electronic Transactions ◽  
Public Areas ◽  
International Payment ◽  
Security Standard ◽  
The Government ◽  
Internal Networks

The growth of electronic transactions in Indonesia has grown tremendously since the start of the government program of the Non-Cash National Movement (GNNT) by Bank Indonesia since 2014. It is expected that the use of cash will be replaced by electronic transactions (cashless) using ATM cards, debit cards, credit cards, electronic cards. Electronic transactions must be reliable and secure, this is what drives 5 international payment networks such as American Express, Discover, JCB, Mastercard and Visa create a data security standard to secure cardholder data PCI DSS (Payment Card Industry Data Security Standard). PCI DSS has always evolved to always keep cardholder data secure for transaction and now PCI DSS has released PCI DSS version 3.2 in April 2016. Employees need to connect to internal private networks or corporation’s network over the Internet from home or public areas such as hotels, airports, cafe mall etc. Security becomes a major consideration when access to internal networks or corporation’s network from insecure network. In this case study, one company with head office located in Jakarta, Indonesia with team development located in Seoul, South Korea. Also see the connection between convenience and security when implementing remote access in accordance with PCI DSS requirements.

Sign in / Sign up

Export Citation Format

Share Document