The purpose of this report is to make suggestions to senior management about complying with the Payment Card Industry Data Security Standard (PCI DSS). With Yieldmore Company looking to venture into online and in-store credit card transactions, I felt it necessary to inform management of some of the best practices for PCI DSS. PCI DSS is based upon six major points, which I will elaborate on throughout this report.
The first point is securing the network tightly with firewalls. There are firewalls already in place for the company’s network, but it will be necessary to ensure the firewalls used are capable of effectively securing the network without being an inconvenience to customers trying to proceed with orders. Also, authenticated customers should be able to change their personal identification numbers or passwords easily and frequently.
Second, Yieldmore will need to ensure that the system is protected from hackers. A hacker could try to infiltrate the computer system to gain access to private customer information. Simply keeping antivirus software and any patches from operating system vendors up to date should help with this process.
Third is the need for information restriction on YieldMore’s end. The simplest measures can help keep our customers’ personal information secured. Shredding unnecessary documents, fencing in, or having a third-party vendor remove the sensitive paper waste will aid in security. Also, electronic security needs to be individualized. Everyone using a workstation needs to be accountable, with their own login name and unique password.
Fourth, cardholder information must be secured and heavily monitored. YieldMore will have personal information such as credit card numbers, birth dates and social security numbers. Encryption is necessary for all transactions made through public networks. This is the type of information hackers are waiting for.
Fifth, Yieldmore will need to create a security policy. By doing so, the...