From the course: Cisco Network Security: Content and Endpoint Security

PCI DSS controls

- [Instructor] In addition to in-house transactions by merchants, many companies have an outward-facing website. Merchants must design and build an ecommerce site with PCI DSS security in mind. The Payment Card Industry Data Security Standard, or PCI DSS, is the set of widely accepted requirements to secure credit card transactions. Several major credit card companies developed PCI DSS in 2004. That included American Express, Discover, JCB International, MasterCard, and Visa. The credit card industry developed the standard to help organizations that deal with credit cards have more control over cardholder data and reduce the risk of possible exposure and fraud. PCI DSS requirements cover management policy, network security, and best practices for handling transactions and cardholder data. PCI DSS has six major principles and requirements: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.

PCI DSS is not a law or a government regulation. However, if you do deal with any credit card transactions, you must comply; otherwise a company will face hefty fines and may lose the ability to handle credit card transactions. The first step is to identify what type of merchant the company is and how many transactions they do on a yearly basis. The merchant is then ranked from level one to four, and each level will determine how aggressively audits and scanning take place.

I'm at this website where you can find out a little bit more information on PCI DSS compliance. Down below here, it talks about compliance solutions, and Cisco is a member of the PCI Board of Advisors and the DSS Special Interest Groups. They take this very seriously and know it can be rigorous, so they can help with some of the solutions.

When developing an ecommerce site, use good practice. That includes: don't keep sensitive data any longer than necessary, protect the network using firewalls and a DMZ, use secure protocols for processing credit card information, control access to the system, and protect cardholder data.
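One concrete check behind "don't keep sensitive data any longer than necessary" and "protect cardholder data" is making sure full card numbers never sit in application logs. PCI DSS requires that a stored primary account number (PAN) be rendered unreadable and that only part of it be shown when displayed. The Python below is an added example, not code from the course or from Cisco: it scans log lines for 13-19 digit runs, keeps only those that pass the Luhn mod-10 check (so order numbers and timestamps are not flagged), and masks everything but the last four digits. The log lines and the function names are constructed for this example; the card numbers are the publicly documented Visa, Mastercard and Amex test numbers.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not immediately preceded or followed by another digit.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Replace all but the last four digits with '*'."""
    return "*" * (len(pan) - 4) + pan[-4:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs (separators removed) found in text."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def scrub_line(line: str) -> str:
    """Return line with every Luhn-valid PAN masked; other numbers are left alone."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)
    return PAN_CANDIDATE.sub(repl, line)


# Constructed sample log lines (not from the course). Line 4 carries a
# 16-digit order id that fails Luhn and must NOT be masked.
SAMPLE_LOG = [
    "2024-01-10T12:00:01Z checkout ok card=4111111111111111 amount=19.99",
    "2024-01-10T12:00:07Z checkout ok card=5500 0000 0000 0004 amount=5.00",
    "2024-01-10T12:00:09Z checkout ok card=3782-822463-10005 amount=120.00",
    "2024-01-10T12:00:12Z order_id=1234567890123456 status=shipped",
    "2024-01-10T12:00:15Z session=abc123 ip=203.0.113.7 amount=3.50",
]


def audit_log(lines):
    """Return (number of PANs found, scrubbed copy of the lines)."""
    count = sum(len(find_pans(line)) for line in lines)
    return count, [scrub_line(line) for line in lines]


if __name__ == "__main__":
    hits, cleaned = audit_log(SAMPLE_LOG)
    print(f"unmasked PANs found: {hits}")
    for line in cleaned:
        print(line)
```

Run it against real log exports as a recurring check; any non-zero hit count means cardholder data is being retained somewhere it should not be, and the logging code, not just the log file, needs fixing.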