Assignment 2 PCI DSS

YieldMore Company’s a small agricultural company, which produces and sells fertilizer products, recently decided to accept credit card payments from customers. The company headquarters has three servers located in a small Indiana town—Active Directory server, a Linux application server, and an Oracle database server. Outside its headquarters, there are two large production facilities—one in Nebraska and other in Oklahoma. The application server at the headquarters, hosts YieldMore’s primary software application, which is a proprietary program managing inventory, sales, supply-chain, and customer information. The application server is the server that PCI DSS compliance will be the center point. The database server manages all data stored locally with direct attached storage and does not need PCI DSS standards as long as it is stored locally.

The best practices for PCI DSS compliance start with engaging all internal resources. All employees of YieldMore Company must meet the PCI Compliance DSS standards, you need to raise the awareness of PCI at all levels of the organization. Tools must be provided to assist in making sure everyone is PCI DSS compliance. Visa is partnering with the National Federation of Independent Business (NFIB), to offer a new Web site, with free information, including webinars, educational materials and tools to assist educate small-business owners (Young 2007).

The next point to being PCI DSS compliant, is to have seek a partner to assist with PCI compliance program, ControlScan offers a number of solutions for merchants, ISOs and acquirers and currently partners with one of the largest acquirers in the United States. Also, PCI Security Council has a list of approved ASVs and QSAs. Visa and MasterCard also offer their own lists on each Web site (Young 2007).

Once PCI DSS compliance is setup, it is important to promote and advocate for PCI Compliance within YieldMore, getting the word out to all within an organization is an ongoing