Tuesday, June 5, 2012

Credit Card Merchant Account CISP Requirements

The PCI Data Security Standard reflects a "walls of security" philosophy in which no single security tool or measure should ever be taken as providing absolute protection for credit card merchant account users from fraudsters trying to gain unauthorized access to sensitive data. Instead, the risk of intrusion is limited by building multiple layers of preventive measures that function together.

The PCI Data Security Standard is made up of twelve requirements expanded by more detailed sub-requirements:
  • Build and manage a secure network.
    • Install and manage a firewall set-up to protect data.
    • Do not use the original vendor-supplied default values for any system passwords or other security parameters.
  • Protect consumer data.
    • Protect shared information.
    • Encrypt all transmissions of sensitive information across public networks.
  • Build and manage a vulnerability management program.
    • Use and constantly update your anti-virus software.
    • Build and maintain secure systems and applications.
  • Implement solid access control measures.
    • Restrict any access to information on a "need-to-know" basis.
    • Issue a unique ID to each employee with computer access.
    • Restrict any physical access to sensitive data.
  • Regularly examine and test networks.
    • Keep track of all access to your network's resources and customer data.
    • Regularly evaluate security systems and processes.
  • Manage a data security policy.
    • Establish a policy that addresses data security.

Which Credit Card Merchant Account Users Should Comply?


CISP is mandatory for any organization - meaning any credit card merchant account user or provider - that keeps, processes, or transmits cardholder account information. All eligible retailers and merchant services providers, regardless of their size (or in the case of service providers, whether or not they support issuing or processing activity), are required to comply with the PCI Data Security Standard.

Beyond basic information security, full implementation of the PCI Data Security Standard benefits retailers in multiple ways:
  • Customer service. Consumers look for merchants they feel are safe to purchase from. Confident customers are loyal customers. They will come back again and again, and will share their experiences with others.
  • Cost containment. By protecting consumers, credit card merchant account users also limit their own risk exposure and the direct and indirect costs associated with compromised account data.
  • Public image. Data security is a constant topic of media attention. An incident of information loss or compromise not only damages consumers; it can seriously damage the retailer's public image.
