Regulatory Compliance, Governance and Security:

MN plastic card security act

Jan 29 2009   1:09PM GMT

California Security Breach Information Act (SB-1386) | What You Need to Know.



Posted by: Charles Denyer
California SB-1386, MN plastic card security act, MN PCI DSS, SAS 70, California Security Breach Information Act (SB-1386), HIPAA, GLBA, Gramm Leach Bliley

In short, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information has been breached or compromised. Thus, the Act stipulates that if there is a security breach of a database containing personal data, the responsible entity must notify each and every individual for whom it maintained the information. The Act, which went into effect July 1, 2003, was created to help stem the alarming growth of identity theft, which has many consumers on edge and frightened about the protection of their personal data.

Here’s what’s important to grasp from a regulatory compliance aspect. California SB-1386 is part of a trend that is sweeping the nation and will only continue to grow as concerns for the security of confidential information become more paramount. Gov. Tim Pawlenty signed the MN Plastic Card Security Act, essentially codifying parts of the Payment Card Industry Data Security Standards (PCI DSS) into law.

Auditors need to be aware of these rules and regulations and the overall impact they can have on an audit, be it a SAS 70 audit, a HIPAA or GLBA audit, or even a PCI DSS assessment.

Jan 17 2009   3:26AM GMT

PCI DSS Compliance for Merchants and Service Providers | Compliance is MANDATORY



Posted by: Charles Denyer
PCI DSS, MN plastic card security act, governor tim pawlenty pci dss, merchants, service providers

That’s right. Compliance with the Payment Card Industry Data Security Standards, simply known as PCI DSS, is mandatory for all merchants and many service providers. How mandatory? Enough for MN Governor Tim Pawlenty to sign into law and codify various provisions of the PCI DSS mantra. Mandatory in that even small merchants processing only a handful of payment transactions (credit, debit, gift cards) have to conduct their own self-assessment for PCI DSS, or obtain help from an external PCI QSA or other qualified payment card specialist. The gist of it is this: PCI DSS compliance is not going away; rather, it will only become more paramount in the years ahead. The key to complying with PCI DSS is to know what level you fall under regarding compliance and what needs to be done for that respective level of compliance. Turn to pciassessment.org to learn all you need to know about Payment Card Industry Data Security Standards compliance.


Nov 12 2008   3:55PM GMT

Payment Card Industry Data Security Standards (PCI DSS) | Tips and Strategies



Posted by: Charles Denyer
service providers, payment card industry, PCI DSS, PCI, pci compliance, policies and procedures, pci assessment, payment card industry data security standards, MN plastic card security act, merchants

If you are a merchant or service organization and need to be payment card industry (PCI) compliant with the PCI DSS provisions, then there are a number of important points you need to know. First and foremost, you need to identify what level you are in accordance with PCI DSS requirements. You can find this information at pciassessment.org.

Second, you will need to find a qualified QSAC (Qualified Security Assessor Company) that can assist you with all levels of PCI compliance, regardless of what level you fall under. Third, you will need to have the QSAC conduct a PCI DSS readiness assessment to understand your cardholder transaction environment and what gaps, holes, and deficiencies you may have that could hinder the overall PCI DSS assessment process. Easier said than done? It sure is, as most companies are good at what they do, but are very weak in having documented policies and procedures in place for PCI DSS compliance. I stress this because it is one of the biggest and most often overlooked areas of PCI DSS compliance. While we all get carried away talking about firewalls, routers, anti-virus, DMZs, etc., many times organizations fail to recognize the importance of documented policies and procedures.

To learn more about PCI DSS compliance, visit pciassessment.org.


Nov 10 2008   6:23PM GMT

PCI DSS | Payment Card Industry Data Security Standards



Posted by: Charles Denyer
PCI, payment card industry data security standards, MN plastic card security act

PCI DSS requirements, also known as the Payment Card Industry Data Security Standards, are becoming quite commonplace in today’s heightened regulatory compliance environment. The state of Minnesota, under Governor Tim Pawlenty, even codified part of PCI compliance, putting it into law.

Merchants, service providers and a host of other entities directly involved in the processing, storage, or transmission of transaction data or cardholder data should be looked upon as PCI DSS candidates for compliance. What’s important to note is that just as you need to crawl before you walk, you also need to make sure you have a number of policies, procedures, and initiatives in place before trying to tackle PCI DSS compliance.

What’s needed is an effective PCI DSS roadmap to compliance: a step-by-step process for ensuring that your organization achieves PCI compliance in a cost-effective, scalable and efficient manner.