Payment Card Industry DSS
Data Security Standard (DSS)
Clearly one needs to assess ones processes to see if the clients sensitive data is bain stored and from my reading on the regulations, our businesses
do not store sensitive Credit Card data. The need for encryption and physical security will fall away in this area.
With regards the PAN and allowable information, I suppose the storage methods could be improved to deny the serous hacker access to PAN details.
The immediate improvement could come in the form of suppressing PAN characters from POS slips. We are allowed to display as much as the
first six and last four characters, of hte PAN.
Current systems will need to be revised to suppress the additional characters from the printouts.
page revision: 1, last edited: 13 Dec 2006 12:41
