Credit card losses to fraud add up to about $3 billion per year, depending on who you ask. So we can understand the concern on the part of financial service companies and the need for the Payment Card Industry Data Security Standard (PCI DSS, usually referred to as just PCI; official documents here).
But the huge credit card companies -- Visa, MasterCard, American Express, Discover, and JCB -- haven't done their job well and are forcing new rules on the wrong end of the transaction pipeline. That said, the rules are, for the most part, good security guidelines that businesses should be following anyway. Rarely do we see a bad idea lead to good results.
According to the book Geekonomics by David Rice, the PCI rules are a way for the financial giants to stave off government regulations. After losing more than 100 million credit card records in 2006, one would think Congress would try to “help.”
The credit card industry swears it can self-regulate, and says it is in a better position than most to do so. After all, if your business is sloppy with credit card data, the card companies can cut you off and effectively put you out of business. They almost never, never do that, of course, because it's bad for business. But at least now they're forcing vendors making card transaction software to tighten up, says Computerworld.
PCI also forces any business taking credit cards, no matter how small, to become security experts. That t-shirt kiosk in the mall? Same security rules apply to it as to the Sears store down the way. Since t-shirt vendors rarely can judge the security of firewalls, operating systems, and transaction processing software, they're at the mercy of the security companies.
But many of the rules should be followed by every business. Scott Goessling of Blue Pay, a card processing service, created an understandable version of the PCI rules and gave me a copy. I don't see a copy on its Web site, but I bet if you send a note you'll get one via e-mail.
Jesper Jurcenoks, CTO of NetVigilance, a network vulnerability testing company, says 60% of businesses fail their PCI audit for one reason: they have no information security policy written down. So grab some paper and start from the basics, like “lock the door at night.” Then detail who can access data, define daily operational security procedures, and keep writing down policies.