Payment Card Industry DSS

Data Security Standard (DSS)

new_pa3.gif

Clearly one needs to assess ones processes to see if the clients sensitive data is bain stored and from my reading on the regulations, our businesses
do not store sensitive Credit Card data. The need for encryption and physical security will fall away in this area.

With regards the PAN and allowable information, I suppose the storage methods could be improved to deny the serous hacker access to PAN details.
The immediate improvement could come in the form of suppressing PAN characters from POS slips. We are allowed to display as much as the
first six and last four characters, of hte PAN.

Current systems will need to be revised to suppress the additional characters from the printouts.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Share Alike 2.5 License.