PCI DSS stands for Payment Card Industry Data Security Standard. This is a set of guidelines and norms developed by the Credit card companies to help firms that receive online payments and prevent fraud and unrecognized cards and the illegal hacking. Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company .This can also be acquired from an Approved Scanning Vendor (ASV).

Now let’s discuss how to find an approved ASV vendor…. Any merchant or service provider with annual transactions equal to or more than 10,000 is required to have a quarterly network system scan. The PCI Security Standards Council administers all ASV contracts, and the PCI SSC also trains and recognizes the ASV’s..

The requirements for the operation of ASV’s are that they shouldn’t disturb the customer environment and their work should not have an impact on the environment.

The main objectives of PCI compliance is as shown:

• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test the Networks

The PCI compliance deadline was fixed at June 30 for all IT & ITES companies. But it was found that only 3% of the lot many merchants had responded to the deadline. However Awareness of the standard has grown from 45 percent last year to 85 percent this year, and 71 percent of respondents are expected to compliant within the next 18 months.

I am sure the awareness would increase in the near future about PCI and  finding an ASV would be rather a Himalayan task.

This entry was posted on Sunday, December 9th, 2007 at 6:56 am and is filed under Buisness. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.