The paper aims to help companies meet impending PCI requirements
London, UK – May 30, 2007 – Businesses that rely on payment by credit cards are required to comply with the PCI security standards by September 2007. Non compliance could result in loss of merchant account, severe fines and lawsuits. In view of these new regulations, Acunetix has published a PCI Compliance Guide to help companies understand the concept behind the Payment Card Industry as well as documenting the steps needed to reach compliance.
PCI Compliance at a glance
PCI Compliance is a structured security checklist which aims at securing financial data, and helps to distinguish the secure and reliable businesses from the risky ones. The Payment Card Industry Data Security Standard was created in a joint effort by the major credit card companies: American Express, Visa, MasterCard and Discover to monitor and develop the PCI standard. Consumers who use credit/debit cards online to purchase products or services risk suffering financial losses when businesses process their transactions through systems which are not secure. The PCI standard aims to stop the cause of online financial and identity theft from its source by ensuring the systems which process and store customer details are secure.
The Compliance Regulations
The PCI compliance specification describes a set of requirements which participating businesses must observe to ensure that correct measures are taken to secure all data, both internal and externally exposed. The Acunetix PCI Compliance Guide [PDF] describes the following categories in detail:
- Secure Network Design and Maintenance
- Cardholder Data Protection
- Vulnerability Management Program Maintenance
- Strong Access Control Measures Implementation
- Regular Network Testing and Monitoring
- Information Security Policy Maintenance
Security Assessment Tools
All businesses which apply the PCI compliance procedure must use the services of approved companies to perform compliance security scans. The results of these scans are issued in detailed compliance reports which are then used for approval by the specific card company requirements. The PCI Compliance specification is more than just a rule-set to which organizations must abide. It is also a guideline which provides a method to trace and secure all the potential security flaws which might be exploited. Detecting these potential exploits is made easier by using tools such as web vulnerability scanners and network scanners.
About Acunetix Web Vulnerability Scanner
Acunetix ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix Reporting allows security alerts to be presented in a document which abides by the PCI specification.