PCI Compliance Introduction | e-Zest | India | USA | UK

The Payment Card Industry (PCI) has developed security standards for handling cardholder information in a published standard called the PCI-DSS Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data.

The PCI-DSS requirements apply to all system components within the payment application environment which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed or transmitted.

The purpose of this document is to guide help software development of project which require PCI-DSS compliance implementation.

This document also explains the Payment Card Industry (PCI) initiative and the Payment Application Data Security Standard (PA-DSS) guidelines. The document then provides specific installation, configuration, and on-going management best practices for PA-DSS Certified application operating in a PCI-DSS compliant environment.

Difference between PCI-DSS Compliance and PA-DSS Validation:

As a software vendor, our responsibility is to ensure that our solution does conform to industry best practices when handling, managing and storing payment related information.

PA-DSS is the standard against which Solutions has been tested, assessed, and certified.

PCI-DSS Compliance is then later obtained by the merchant, and is an assessment of end-client’s actual server (or hosting) environment.

Obtaining “PCI-DSS Compliance” is the responsibility of the merchant and client’s hosting provider, working together, using PCI-DSS compliant server architecture with proper hardware & software configurations and access control procedures.

The PA-DSS Certification is intended to ensure that the solutions will help you achieve and maintain PCI-DSS Compliance with respect to how solutions handles user accounts, passwords, encryption, and other payment data related information.

PCI Security Standards Council Reference Documents:

The following documents provide additional detail surrounding the PCI SSC and related security programs (PA-DSS, PCI-DSS)

Payment Applications Data Security Standard
https://www.pcisecuritystandards.org/tech/pa-dss.htm
PCI-DSS
https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm
Open Web Application Security Project (OWASP)
http://www.owasp.org

Rating: 0.0/10 (0 votes cast)

GRC – Driving the Economic Growth

About Lalit Kale

Lalit Kale works as an Architect at e-Zest. He has an industry experience of over 7 years. His areas of interest and expertise include various Microsoft technologies like ASP.NET, ASP.NET MVC, WCF and Windows Azure. He holds a Bachelor’s Degree in Engineering (IT). He has also been instrumental in taking solutions to next stage for e-Zest's enterprise customers.

In his spare time he likes to try out open source technologies and loves to watch TED.com