Proper Data Security And Storage Methods
Data security and storage make up a major portion of the PCI DSS and are also a necessary part of maintaining trust with your customers. In an age where personal information is a valuable commodity, customers need to know that their transactions are secure and that you place a priority on guarding their personal data.

The third requirement of the PCI DSS states simply: "Protect stored cardholder data." This may be a simple thing to say, but that doesn't make it an easy thing to implement, nor does it downplay its importance. Quite a few individual security controls are required before you can say that you have created the proper data security and storage environment.

The first step is encryption. If you must store sensitive information on your own system, you must encrypt it. This is a basic step because if a criminal intruder should happen to bypass all the other security measures that are in place, all they will find on your system are strings of random gibberish that are useless without the encryption key.

The next step is to limit the amount of cardholder data on your system. This means keeping only the data that is absolutely necessary for legal, business, or regulatory purposes. When you don't need it anymore, get rid of it. The less you have that is worth stealing, the less of a target you become.

There are also a few things you're not allowed to store at all. These include the full contents of any track from the magnetic stripe (like the card verification code or PIN verification value), or the three or four digit validation codes or personal identification numbers.

Of course, even if you've taken the steps to electronically protect data by encrypting it, there's still the possibility that someone inside the company could steal or wrongfully employ the encryption keys. For that reason, the third requirement of the PCI DSS also mandates protecting those keys against misuse and disclosure. Access to these keys must be restricted to the fewest number of people possible. The keys must also be stored in as few places as possible. Backups are, of course, necessary, but if you back the keys up in too many places, you're likely to forget where all the copies are, or accidentally place one where someone with criminal intentions can get hold of it.

Requirement numbers seven, eight, and nine also deal with limiting physical access to cardholder data. These mandate that you restrict access to this data by business need-to-know, and that you assign unique IDs to each person with computer access. These measures help ensure that you can trace the source of your problem, should a breach occur.

There is another option for proper data security and storage that simplifies all these security controls: simply don't store any data on your own system. Remote storage is becoming a very popular option for merchants who are worried about attacks on their system and possible security breaches.

The only way to ensure that your data security measures are effective is through constant monitoring and management. The unfortunate truth of the matter, though, is that most merchants simply don't have the time or resources to efficiently and actively control the security on their systems. But there are companies out there now who specialize in providing effective data security and storage. Remote storage on these systems is one of the best ways to protect sensitive data and take some major steps toward becoming PCI compliant.

Above all, remember that these steps are about more than simple compliance. As consumers grow more wary about who they give their information to, it will be more and more important to guarantee the safety of their personal data.

About the Author
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about data security and storage methods, or becoming PCI compliant, visit Braintree Payment Solutions today.
Source: Article Devil