PSC Payment and Security Experts

PSC Industry Resources

PCI Security Standards Council

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council's mission is to enhance payment account data security by fostering broad adoption of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.

About the PCI Data Security Standard (PCI DSS)

The PCI DSS version 1.1, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

FFIEC Releases Advisory for Multifactor Authentication in Online Banking

The Federal Financial Institutions Examination Council has released updated guidance recommending that financial institutions migrate to use of multifactor authentication mechanisms.

The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance, "Authentication in an Internet Banking Environment." For banks offering Internet-based financial services, the guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations. Financial institutions will be expected to achieve compliance with the guidance no later than year-end 2006.

PSC is uniquely qualified to help financial institutions, their processors or software providers meet the FFIEC requirements. Our focus on the convergence of payments and security has given us significant experience with authentication, identity management and risk management systems. Our partners include experts on biometrics, public key infrastructure, smart cards and other related technologies. PSC can help cut through the vendor hype and find practical, cost-effective solutions that can be implemented by the deadline.

The full text of the guidance can be found at: http://www.ncua.gov/letters/2005/CU/05-CU-18-Encl-1.pdf

Payment Card Industry Standards for Service Providers, Processors, and Merchants

Payment Card Industry Software Providers and Payment Software Companies

International Standards

Government Criteria

Assurance Specialist for Accounting Firms

Visa and US Chamber of Commerce




Payment Card Industry Standards for Service Providers, Processors, and Merchants
Visa: Securing Cardholder Data
Information about:
  • How CISP compliance works
  • CISP compliance validation
  • Why comply
  • Visa regulations
  • Member CISP responsibilities
  • Disclosure of cardholder information
  • CISP compliance penalties
  • Loss or theft of account information

Additional Links

Visa: Rules for Visa Merchants Card Acceptance and Chargeback Management Guidelines
This is a comprehensive manual for all businesses that accept Visa transactions. The purpose of this guide is to provide merchants and their sales staffs with accurate, up-to-date information on processing Visa transactions, while minimizing risk of loss from fraud and chargebacks.

MasterCard: Site Data Protection (SDP) Program
Working through our acquiring members, the MasterCard SDP program is designed to help members, merchants and Service Providers – Third Party Processors (TPPs) and Data Storage Entities (DSEs) – proactively protect themselves and the overall payment system against the threat of compromises. The SDP Program seeks to accomplish this by identifying vulnerabilities in security processes, procedures and Web site configurations. A key focus of the SDP Program is to ensure that Merchants and Service Providers are securely storing MasterCard account data in accordance with the Payment Card Industry Data Security Standard (PCI Data Security Standard).

American Express: Data Security Requirements
Customers expect their privacy to be ensured—including when their Card information is stored for recurring billing. American Express has a long-standing commitment to help businesses protect Cardmember information by keeping this sensitive information private and secure. Learn more about American Express security requirements for businesses that accept the Card so you can implement them at your company as well.

Payment Card Industry Software Providers and Payment Software Companies
Visa USA Payment Application Best Practices (PABP) standard
This document is to be used to verify that a payment application has been validated against Visa U.S.A. Payment Application Best Practices and to create the Report on Validation.

Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software.

International Standards
ISO 17799
ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management

ISO 9002
ISO 9000:2005 - the 'A to Z' of quality management systems updated

Government Criteria
HIPAA
The law, identifiers, transactions, enforcement, security, privacy, code sets, industry discussion/collaboration, and other resources.

Sarbanes-Oxley
Sarbanes-Oxley - Financial and Accounting Disclosure Information.

GLBA
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

Assurance Specialist for Accounting Firms
SAS No. 70 Type I and Type II
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or service auditor's examination is widely recognized, because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes.

AICPA WebTrust and SysTrust
Trust Services (including WebTrust® and SysTrust®) are defined as a set of professional assurance and advisory services based on a common framework (that is, a core set of principles and criteria) to address the risks and opportunities of IT. Trust Services principles and criteria are issued by the Assurance Services Executive Committee of the AICPA.

Additional Links
www.securityfocus.com

www.cert.org

www.sans.org

www.securityinfowatch.com

JCB's Data Security Program

Discover's Information Security and Compliance Program



