March 17, 2005, 12:00 AM

A new data-protection compliance option for Internet merchants

Online merchants seeking to comply with the data protection rules of MasterCard International, Visa USA, American Express Co. and the other major card brands now have an option that can save them time and money.

Online merchants seeking to comply with the data protection rules of MasterCard International, Visa USA, American Express Co. and the other major card brands now have an option that can save them time and money.

The Payment Card Industry Data Security Standard, introduced in January, incorporates 12 core security requirements drawn from Visa’s Cardholder Information Security Program and MasterCard’s Site Data Protection program. The combined standards allow Internet merchants to show compliance by meeting the industrywide PCI requirements rather than having to show compliance to the card companies’ data-protection standards on an individual basis, a Visa spokesperson says.

Merchant acquirers and service providers that store, process or transmit cardholder data must meet the standard, in addition to online retailers. PCI’s requirements include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks, and maintaining an information security policy. Other card companies endorsing the standards are Discover Financial Services, Diners Club and JCB.

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Deepak Agarwal / E-Commerce

Back-to-school insights from a Top 100 online retailer

It’s the second-largest online shopping season, and one nomorerack.com CEO pays close attention to. Here ...

FPO

Kevin Sterneckert / E-Commerce

The ghost economy: an $800 billion retail data disconnect

A new twist on a classic holiday story that online retailers will relive in the ...

Advertisement