Find Regulatory Compliance Documents

Credit Card PCI Compliance Checklist

PDF file Information Security Plan
PCI DSS - Payment Card Industry Data Security Standard, which must be complied with by any campus department that processes credit A contract should require PCI DSS compliance of any third party service, product, or …
The Cornell Store Annual Report
credit card. This effort will allow the university to consolidate and reduce the PCI compliance issues related to credit card activities. Any Cornell …
PDF file PowerPoint file Microsoft PowerPoint – CAOCFO February 25, 2009
PCI Compliance. New PCI compliance requirements due May 30. Mandatory campus-wide training development. In person training available. Certification mandatory for all credit card …
PDF file logging in the age of Web services
ment Card Industry Data Security Standard (PCI DSS) explicitly for systems involved in credit-card transactions. Clearly, the importance of logs for compliance will only grow as standards …
PDF file Secure Suite 4 Micros’ 8700 Technical Installation Guide
Suite 4 Micros 8700 Driver can support general credit card, gift card, online debit, customer PCI DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard) compliance. …
Electronic Signatures in Banking
For credit or charge cards, look to credit card issuer rules, Payment Card Industry (“PCI”) data security standard went into effect on 6/30/05. Consists …

What should companies that outsource do to prevent credit card fraud?

These stories appear several years apart; during this period, according to industry body NASSCOM, the Indian BPO industry alone grew more than 100% [from $5.2 billion in 2005 to $12.5 billion in March 2008]. In the last financial year alone, it grew 32%. This exponential growth was not coincidental. It is a reflection of customer confidence and faith in the offshore delivery model, indicating that customers believe that delivery offshore offers significant value adds such as process optimization, cost reduction, and operational efficiency, with risk managed appropriately.

As an example, to combat fraud, the Indian BPO industry is adopting some of the most stringent global standards for handling sensitive information and data. One such standard is the Payment Card Industry Data Security Standard (PCI DSS), as prescribed by the PCI Data Security Council. PCI DSS version 1.1 is a comprehensive set of requirements for enhancing payment account data security. It was developed by some of the world’s leading payment brands, the founding brands including Amex, Discover, JCB, MasterCard and Visa, in order to facilitate the broad adoption of consistent data security measures on a global basis. It is a multifaceted security standard that prescribes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, and it is intended to help organizations aggressively protect customer account data.

WNS Global Services, as an example, has implemented the PCI DSS provisions in order to assure customers of its information protection maturity and ensure that sensitive information such as payment card information is viewed, assessed, transacted, transmitted and stored in a highly secure and PCI DSS regulated environment. WNS is the first BPO service provider to achieve the prestigious PCI DSS certification at an enterprise level in the category of “Level 1 Service provider”.

Other IT service and business process organizations have learned from past breaches and have implemented information security management systems based on industry-accepted standards such as ISO 27001. Certification is a ‘must have’ in the industry.

BPO organizations are also focused on staff education. For example, WNS has invested significantly in educating staff about information protection through delivery methods ranging from online classroom-based training programs, do’s and don’ts checklists, an information security handbook, screensavers, and other communication tactics including floor-level focused discussions.

The problem, however, is largely global. A recent survey of U.S. online retailers who accept overseas orders, conducted for payment processors, reports that the top 10 countries in the world for fraud range from Nigeria to Russia to Canada [source: http://www.internetretailer.com], but do not include India.

However, smart companies should at least:

a) review the compliance norms and ensure that the organization they are outsourcing to has the necessary relevant certification;

b) have a watertight contract in place encompassing service levels and penalties;

c) conduct periodic audits of the outsourcers thereby ensuring that stringent standards are adhered to; and

d) put in place well-defined service level agreements.

Ultimately, it should be acknowledged that fraud is a global phenomenon and that the companies that are certified and have trained staff are the ones with whom to do business.
