ELECTRONIC VALUE TRANSFER CONTRACT (EVT)
WHAT PCI COMPLIANCE MEANS
Payment Card Industry Data Security Standard (PCI DSS)
As credit card use has become more widespread both offline and online, and as consumer concern about security has understandably grown, the credit card industry has made an effort to ensure that sensitive cardholder information is protected.
In September 2006, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) formed the PCI Security Standards Council (SSC) and established a set of rules for what they call PCI compliance. Which of these rules apply depends on the size of a business and the number of credit card transactions it handles, and following them properly helps protect consumer data from theft.
The Rules for PCI Compliance
The six major categories within the standards established by the PCI SSC are as follows:
Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:
Each requirement for PCI compliance is broken up into a number of subsections that describe the process in detail; the full list can be viewed at www.pcicomplianceguide.org.
New York State Agencies must meet the PCI compliance standards
Based on the number of card transactions handled, NYS agencies will need to file the PCI DSS Self-Assessment Questionnaire annually and, if they use Internet/Web applications to accept payments, have their Web site scanned by an approved outside vendor at least quarterly. The links above provide information, a copy of the Self-Assessment Questionnaire, and links to approved outside security scanning vendors. The scanning costs are nominal and range from $150 to $500 annually.