Firewall Wizards mailing list archives
Credit card transaction security
From: Bill Stout <Bill.Stout () AristaSoft com>
Date: Tue, 7 Sep 1999 15:08:47 -0700
Question: Are there minimum security standards for companies who store and exchange bulk credit card transactions with Credit card processing bureaus (over the Internet)? Has anyone established such standards?

What it means to me is:

o Some auditable strength or 'certified' firewall
o Some auditable standardized 'hardening' of OSs; servers, routers, gateways, etc.
o Enterprise-wide IDS system of some specific metrics
o Hardware or software VPN with some predetermined bit-level strength (ex; 56/112/128-bit encryption)
o OS and network security audit tools of some particular configuration
o Network partitioning from unrelated systems
o Some upgraded standard of physical security to consoles, terminals, etc., such as card keys, possibly biometrics.
o 'Bank teller' background checks on IT staff
o Regularly scheduled self-audits and audit log analysis
o Data storage and backup tape storage of some auditable
o Third-party security audit

Any thoughts on this? Institutions I previously worked with only had internally defined standards, and did not follow 'industry' standards.

Bill Stout