PCI DSS non-compliance
PCI DSS is the result of multiple efforts to define a common framework for implementing security controls that protect payment card data. The rules of PCI DSS (Payment Card Industry Data Security Standard) apply to any business that accepts credit cards for payment, including e-commerce service providers and merchants; however, many retailers are confused about how these regulations affect them. It is a complex standard covering logical, physical, documentary and administrative controls that must be developed across the whole organization. It also involves suppliers and other third parties, so that a consistent degree of security is ensured not only within the organization itself but also in the entities with which card data is shared, creating a secure environment for the data flows of transactions.
A PCI DSS breach can be a bit of a nightmare for retailers, especially SMBs that do not have staff dedicated to addressing security and compliance issues. Some people jump right in and build their own platforms with little understanding of PCI DSS. Most choose to outsource much of the heavy work, but they still have responsibilities to be aware of when the call from the PCI auditor comes. To cut a long story short, just because a store is made of pixels rather than brick and mortar does not mean that the PCI Council is any less interested in how it handles confidential customer data.