December 02, 2009
-
Restaurants Sue Radiant and Computer World, Pt.3
PCI Data Security Standards.The PCI Data Security Standards (DSS) is a set of comprehensive requirements for enhancing debit and credit card as well as other electronic forms of payment account data security. The agency was established by the founding payment brands of the PCI Security Standards Council, including major credit card companies American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer debit and credit card account data.
There are 12 PCI compliance standards which include:
Install and maintain a firewall configuration to protect debit and credit card data.
Do not use vendor-supplied defaults for system passwords and other security parameter.
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
Use and regularly update anti-virus software.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to debit and credit card data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain a policy that addresses information security.Merchants who accept debit and credit card payment are required to be compliant in all 12 PCI DSS standards. They are also held accountable to assure they only purchase products that are PCI compliant. The plaintiffs allege that they were mislead by Radiant Systems and Computer World into believing that the payment processing system was in compliant and secure. Paul Langenbahn, President of Radiants Hospitality Division, told the Atlanta Journal Constitution that the company takes "data security very seriously" and that their products are "among the most secure in the industry." Langenbahn also stated that the charges were unfounded and they expect to "vigorously defend" the company.