Mandated since June 2001, CISP is intended to protect Visa cardholder data wherever it resides, ensuring that members, merchants, and service providers maintain the highest information security standard.
In 2004, the CISP requirements were incorporated into an industry standard known as Payment Card Industry (PCI) Data Security Standard resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements. Visa USA maintains CISP as the managing program for data security compliance endorsing the PCI Data Security Standard.
CISP compliance is required of all entities that store, process or transmit Visa cardholder data. It does not matter how many transactions you process annually; you must secure your data!
What is PCI?
PCI DSS is a set of comprehensive requirements for enhancing payment account data security. It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The best source for information on PCI is the organization’s Web site. Follow this link https://www.pcisecuritystandards.org/index.htm to get the most up-to-date information. You can also sign up to receive any updates to the requirements. From this Web site you can also obtain the self-assessment form, or contact COCARD for the correct form for your organization. It is a requirement of card acceptance that your organization complete this form annually.
What is data security?
As you might imagine, there are specific requirements for securing this data based on the types of transactions you are running. The PCI Data Security Standard is comprised of 12 general requirements designed to:
• Build and maintain a secure network
• Protect cardholder data
• Ensure the maintenance of vulnerability management programs
• Implement strong access control measures
• Regularly monitor and test networks
• Ensure the maintenance of information security policies
I would encourage each of you to download the following document and review it, or assign someone in your organization to do just that: https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to meet various scenarios. This document has been developed to help organizations determine which SAQ best applies to them.
The PCI DSS SAQ is a validation tool for merchants and service providers not required to undergo an on-site data security assessment per the PCI DSS Security Audit Procedures, and may be required by your acquirer or payment brand. Please consult your acquirer or payment brand for details regarding PCI DSS validation requirements.
Tracy Richmond is a vice president at COCARD, headquartered in Beverly, Mass. COCARD is a pioneer in reducing costs for heating dealers, and handles the processing needs of the industry’s leading fuel dealers. COCARD is a preferred choice of hundreds of home heating fuel and propane dealers from Maine to Alaska and has been recommended by many associations including ESPA, MOC, VFDA and ICPA to their oil and propane heating members. The company can be contacted at email@example.com or (866) 849-8800.