PCI-DSS
Compliance overview
NETconsent enables organisations to implement the controls prescribed by the PCI DSS, which are mandatory for all entities that process, store or transmit cardholder data. Doing so helps maintain safe harbour and avoid potential liability in the event of fraud associated with theft of cardholder data.
Credit card fraud has major ramifications for both cardholder and card handling company. For the consumer, there is the possibility of identity theft and damage to credit score; whilst the merchant risks catastrophic loss of consumer confidence.
The security standard now stands at a set of twelve high-level requirements, encompassing technical demands and human intervention. At each level there is the need for the appropriate personnel to understand and adhere to pertinent policies. This is most specific within Requirement 12, which deals solely with the maintenance of security policies for all members of staff. NETconsent targets the relevant user base with the relevant policies, training and procedures, tracking who has read and accepted the content and providing automated testing to confirm user understanding. NETconsent can even prevent users accessing their account if they fail to comply.
Since its official inception in 2004, the PCI DSS has evolved in order to combat new and existing threats within the changing commercial and technological climate. The NETconsent Compliance Suite has the ability to adapt alongside the standard, disseminating changes to policies as well as providing access to the full documents.
Reducing risk is also a key benefit that NETconsent delivers, ensuring the right people have the right information to hand, as and when required. It demonstrates PCI DSS compliance via a comprehensive audit trail and provides up to date reporting on who has read what and when. It consolidates policies and updates, negating the need for a large training expenditure. In short, it unites policy with technology.
PCI DSS compliance is mandatory and non-adherence could result in heavy fines. NETconsent ensures that all relevant individuals within an organisation are PCI DSS policy proficient, implementing compliance at every level.
NETconsent supports adherence to PCI DSS through:
- Mitigation of risk – by ensuring staff who are involved in credit card processing understand, and agree to comply with, security policies.
- Reducing processing time – by enforcing electronic acceptance or decline of PCI policies at logon.
- Reduction of errors – that might entail regulatory penalties.
- Providing proof – by maintaining a comprehensive audit trail of policies, policy acceptance and user training.
- Reports that pinpoint potential areas of risk – by testing user understanding of PCI compliance rules and the related policies they have read.
NETconsent also reduces operational costs by streamlining the administration of policy documents, and reducing the effort expended on meeting annual PCI training requirements.
Requirements of the PCI DSS
PCI DSS regulatory challenges
The PCI DSS specifies 12 high level requirements for compliance, organised into six logically related groups:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
PCI DSS compliance is not just about putting technology controls in place. Effective communication, as well as understanding of policies and procedures, has a vital role to play in maintaining PCI DSS compliance. Companies that are shown not to be PCI DSS compliant may be subject to increased processing fees or even a bar on processing credit card transactions.
About PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements developed to reduce credit card fraud and increase data security through tight controls surrounding the storage, transmission and processing of the cardholder data that businesses handle. PCI DSS is intended to protect sensitive cardholder data and applies to all entities that deal with card payment transactions, both organisations and individuals.