This report outlines the history of the PCI DSS, which came about from the merging of the CISP and SDP programs that Visa and MasterCard had developed. The standard was then adopted by almost every major card brand and is governed by the Payment Card Industry Security Standards Council, which extends invitations, at a fee, to become a member of the council that governs the standard. However, research has shown that less than half of Australia has adopted the standard, even though it is now a law; heavy penalties and fines apply, should an error occur, to those who do not comply with it. The second half of the report outlines the firewall and network changes required for the business “Bricks and Mortar” to comply with the rules and regulations of the PCI DSS. This includes moving the cardholder database into a more secure environment, namely the trusted network. A diagram of the resulting configuration is included at the end of the report.
PCI DSS
The Payment Card Industry Data Security Standard, shortened to simply PCI DSS, originated in June 2001 under Visa as the Cardholder Information Security Program (CISP). It was designed to protect Visa’s clients, the cardholders, by requiring specific levels of information security on the merchants’ part before they could accept the cards. CISP contained 12 security requirements, which later came to be known within the industry as the Digital Dozen. In 2004, Visa and MasterCard decided to merge their two standards, CISP and SDP, into one. Thus PCI DSS was created, and in December the other payment card brands also agreed on a single security standard for payment card information security. The companies cross-referenced each other's standards to create a concise, unified set of compliance requirements. In 2006, all the major card brands came together and announced the formation of an independent body known as the PCI Security Standards Council, whose main