Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the sales clerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your weekly assignment.
This retail establishment will need to meet the Payment Card Industry Data Security Standard (PCI DSS). The standard is organized into twelve main requirements.
Requirement 1: PCI DSS requires a firewall …
Requirement 6: Applications that hold client data should be secured with application IDs and passwords. All applications should be maintained by system administrators.
Requirement 7: Only persons with a need to know may access the client data environment, with no exceptions.
Requirement 8: Each person requiring access must have a unique ID.
Requirement 9: The physical environment where cardholder data is stored should be secured with cameras, PIN-protected doors, and similar controls.
Requirement 10: There will be an audit trail recording who accessed what, and when.
Requirement 11: Penetration testing should be done to ensure all security protocols are up to date.
Requirement 12: Every employee will be trained and briefed regularly on the security policies for handling cardholder data (Chuvakin, A. …).
A firewall is required under requirement one to secure "always-on" connections. A firewall will be implemented between the cardholder data system and the wireless network. Each firewall will be configured to deny or control all traffic passing between the wireless network and the cardholder data environment. The wireless encryption protocol is prohibited in order to be PCI DSS compliant. All weak keys should be disabled and TLS 1.1 or better should be implemented. PCI DSS also requires that all systems are protected against malware and that antivirus updates are performed routinely (Calder, Carter, 2008).
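As an added illustration of the requirement-one segmentation described above (constructed for this report, not taken from the cited sources), the following nftables ruleset places a default-deny boundary between the store wireless LAN and the cardholder data environment (CDE) and logs every rejected attempt so that the requirement-ten audit trail exists. The interface names, the 10.10.0.0/24 CDE subnet, and the 203.0.113.10 payment-processor address are assumed placeholders.

```nft
# Constructed example ruleset (not from the essay or its references).
# Assumed names: wlan0 = store wireless, cde0 = cardholder data segment,
# 10.10.0.0/24 = POS/CDE subnet, 203.0.113.10 = payment processor (placeholder).
table inet pci_segmentation {
    # Hosts allowed to originate payment traffic out of the CDE.
    set cde_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.10.0.0/24 }
    }

    chain forward {
        # Requirement 1: everything not explicitly permitted is dropped.
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections the CDE itself initiated.
        ct state established,related accept
        ct state invalid drop

        # Wireless clients may never initiate traffic into the CDE segment;
        # each attempt is logged (Requirement 10) and then dropped.
        iifname "wlan0" oifname "cde0" log prefix "PCI-DENY wlan->cde " drop

        # CDE hosts may only reach the payment processor, and only over TLS.
        iifname "cde0" ip saddr @cde_hosts ip daddr 203.0.113.10 tcp dport 443 accept

        # Anything else crossing the boundary is recorded before the policy drops it.
        log prefix "PCI-DENY default " drop
    }
}
```

Load it with `nft -f <file>` and confirm the active policy with `nft list ruleset`; the `PCI-DENY` prefixes make the denied flows easy to pull out of the kernel log for the audit trail.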
3. Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data.
Every user will need a unique identifier and network password for access, according to requirement eight. Two-factor authentication can be added as an extra layer of security on the network, and passwords should not be stored in readable form. For example, authorized users could be issued a token to use when signing in to access cardholder data; they would then sign on with both their password and the token number. Requirement seven requires cardholder data to be accessed only by those with a need to know. Strong cryptography should be used when transmitting passwords across the