PCI DSS non-compliance
PCI DSS is the result of several efforts to define a common framework for implementing security controls that protect payment card data. The rules of PCI DSS (Payment Card Industry Data Security Standard) apply to any business that accepts credit cards for payment, including e-commerce service providers and merchants, yet many retailers are confused about how these rules affect them. It is a complex standard covering logical, physical, documentary and administrative controls that must be developed across the whole organization, and it involves suppliers and other third parties, so that a consistent level of security is ensured not only within the organization itself but also in the entities with which card data is shared, creating a secure environment for the data flows of transactions.
A PCI DSS breach can be a nightmare for retailers, especially SMBs that do not have staff dedicated to security and compliance. Some jump straight in and build their own platforms with little understanding of PCI DSS. Most choose to outsource much of the heavy work, but they still have responsibilities, and they should be aware that when the call from a PCI auditor comes, the fact that their storefront is made of pixels rather than bricks and mortar does not make the PCI Council any less interested in how they handle confidential customer data.
PCI advice is necessary for all small and medium e-commerce merchants so that they know and understand the usual steps to take after a PCI breach. Since many merchants may be considering building their own PCI-compliant platforms, this article outlines some basic aspects that are often neglected.
Online payment systems are necessary for SMBs to grow quickly online, and every intruder is aware of this: they all know that credit card and other payment processing capabilities play a vital role in helping merchants expand to every corner of the world. Yet quite a few SMBs are unaware of the serious risks they face when they lack PCI compliance to protect their payment process. According to the ICT survey 2014, more than 80% of intruder data attacks target SMBs, and without PCI compliance neither big nor small businesses can take a step toward protecting merchants, businesses and consumers. So what happens if an SMB fails to comply with the PCI compliance standards? And how do SMBs achieve PCI compliance for a better future for the business?
For SMBs, affordability is the first thought and the main cost-saving measure, but cheap hosting is not worth the savings. Not all hosting providers are configured for PCI compliance; only a few are able to deploy PCI-compliant web hosting servers, for any small or large enterprise, with the server configuration and security protocols needed to meet the latest online security standards and help protect a business against vulnerabilities and malware. The most basic thing SMBs should consider is that shared servers bring many potential problems. PCI DSS does not expressly prohibit shared servers, but you should never keep your database on the same server as your website: it makes it a lot easier for an attacker to gain access to confidential information.
Look at the Consequences of a Credit Card Data Breach
Customers are the true assets of SMBs, and when they hand over their personal credit/debit card details to make a payment or purchase, it means they consider your services reliable and are ready to take the plunge. Once the payment has succeeded, it is the responsibility of the SMB to secure the customer data from any intrusive activity. If credit card data is stolen in the absence of PCI DSS standards, merchants have to confront the potential consequences, including significant fines and penalties, legal costs and expenses, loss of customer trust and loyalty, and even the possibility of going out of business. SMBs should analyse and understand the PCI compliance requirements for their business and act accordingly to implement them as Internet security keeps evolving.
SMBs can achieve and improve PCI compliance under PCI DSS v3.1, which is about to be released and is in its final phase, building on these changes introduced in PCI DSS v3.0 for SMBs:
- Maintain a network diagram that describes the payment card data flows
- Maintain an inventory of system components within the scope of compliance (see Cardholder Data Matrix)
- Assess malware threats for systems that are not commonly affected by malware
- Updated list of common vulnerabilities, aligned with OWASP, NIST, SANS, etc., to be included in secure software development practices
- Additional security considerations for authentication mechanisms such as hardware tokens, smart cards and certificates
- Protection against tampering with or substitution of POS terminals and other devices
- Implement a penetration-testing methodology and perform such tests to verify that the segmentation methods are operational and effective
- Keep information about which PCI DSS controls are managed by service providers and which by the entity. Service providers must acknowledge and accept their responsibility for maintaining the PCI DSS controls applicable to them
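The first two items (network diagram and component inventory) and the shared-server advice above can be checked mechanically. The following is an added example, not code from the original article or the PCI Council: it derives the compliance scope from a constructed network diagram, compares it with the recorded inventory, and flags hosts that run more than one in-scope component. The scoping rule it assumes is that a component storing, processing or transmitting cardholder data (CHD) belongs to the CDE, and any component with a direct connection to or from the CDE is also in scope.

```python
"""Added example (not from the original article): derive the PCI DSS scope
from a network diagram, check it against the component inventory, and flag
in-scope functions that share a host. All data below is constructed."""

# Constructed network diagram: component -> components it is allowed to connect to
CONNECTIONS = {
    "web-store": {"pay-db", "inventory-db"},
    "pay-db": set(),
    "inventory-db": set(),
    "admin-jump": {"web-store", "pay-db", "hr-wiki"},
    "hr-wiki": set(),
    "marketing": {"hr-wiki"},
}
# Constructed: components that store, process or transmit cardholder data (the CDE)
HANDLES_CHD = {"web-store", "pay-db"}
# Constructed: the host each component runs on
HOST_OF = {"web-store": "srv-01", "pay-db": "srv-01", "inventory-db": "srv-02",
           "admin-jump": "srv-03", "hr-wiki": "srv-04", "marketing": "srv-04"}
# Constructed: what the Cardholder Data Matrix currently records as in scope
INVENTORY = {"web-store", "pay-db", "admin-jump"}


def in_scope(connections, handles_chd):
    """CDE components plus everything with a direct connection to or from the CDE."""
    cde = set(handles_chd)
    scope = set(cde)
    for src, dsts in connections.items():
        if src in cde:
            scope |= dsts          # outbound: a CDE component reaches a non-CDE one
        elif dsts & cde:
            scope.add(src)         # inbound: a component reaches into the CDE
    return scope


def inventory_gaps(scope, inventory):
    """In-scope components the inventory does not list (scope wider than documented)."""
    return scope - set(inventory)


def shared_host_findings(scope, host_of):
    """Hosts running more than one in-scope component, e.g. web store and payment DB together."""
    by_host = {}
    for comp in scope:
        by_host.setdefault(host_of[comp], set()).add(comp)
    return {h: comps for h, comps in by_host.items() if len(comps) > 1}


if __name__ == "__main__":
    scope = in_scope(CONNECTIONS, HANDLES_CHD)
    print("in scope:", sorted(scope))
    print("missing from inventory:", sorted(inventory_gaps(scope, INVENTORY)))
    print("shared hosts:", shared_host_findings(scope, HOST_OF))
```

Note that inventory-db is pulled into scope only because the web store connects out to it, which is the kind of connected-to system an inventory maintained by hand tends to miss.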
To remain competitive in security and compliance, not only SMBs but also large organizations need a structured security approach that resolves unwanted Internet security issues and preserves the standards by integrating PCI DSS compliance into the monitoring of the effectiveness of their security controls.