Zendor Counts Down to Compliance with PCI Regulations
Press Release
By: Zendor
13 February 2007
As online retail continues to experience unprecedented growth, leading credit card providers (such as Visa, MasterCard Worldwide and American Express) have introduced a set of comprehensive requirements for enhancing payment account data security. Zendor, the multi-channel retail expert, summarises the new Payment Card Industry Data Security Standard (PCI DSS) and how the regulations will impact retailers who are currently selling over the internet. The PCI DSS, which is due to be enforced by June 2007, has been compiled to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Zendor advises that all retailers review their current online selling practices against the new guidelines, and where necessary embark upon a QSA (Qualified Security Auditor) audit before the deadline is reached. A retailer can commence compliance with PCI DSS without needing to complete it by June 2007, but all should engage with a QSA, who can fully assist them.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organised. These requirements include installing and maintaining a firewall configuration, using and regularly updating anti-virus software, assigning a unique ID to each person with computer access, and regularly testing security systems and processes.
The new regulations are based on a set of six key principles - these are as follows:
- Build and maintain a secure network;
- Protect cardholder data;
- Maintain a vulnerability management program;
- Implement strong access control measures;
- Regularly monitor and test networks; and
- Maintain an information security policy.
Nick Allen, Chief Executive of Zendor, comments: “The PCI guidelines, issued by a number of leading credit card providers, ask retailers to conform to one single secure system. In return, the credit card companies will guarantee to support online retailers if a problem arises. The guidelines are a major step forward for online retailing and one which will encourage growth in this area.”
“However, the difficulty is that all retailers’ systems are currently very different as independent systems have evolved over the years. Although the majority of retailers have firewalls and some type of security, the PCI DSS requirements specify exactly what they expect to be in place. We are currently working with our clients to solve this issue in time to meet the June deadline. As the leading provider of total distance shopping solutions, Zendor is perfectly placed within the market to help online retailers become compliant with the new regulations in time for the deadline.”
For further information on the PCI DSS requirements and QSA listings please visit www.pcisecuritystandards.org

