Tuesday, October 15, 2019
Financial Regulation & Supervision Essay Example | Topics and Well Written Essays - 2250 words
Financial Regulation & Supervision - Essay Example

These regulations not only protect the firms involved in online transactions but also protect cardholders from being exploited by online fraud. Such compliance requirements have posed new challenges as to how to minimize compliance costs and continuously monitor security systems to stay ahead of web criminals. Nevertheless, the benefits seem to surpass the costs associated with these regulations.

Table of Contents
Executive Summary
Table of Contents
Introduction
Facts of the Case
Andrews’ Options with Bank
Advantages of PCI DSS Compliance Advisor
Conclusion
References
Bibliography

Introduction

A few years back, fraud in payment cards was conducted by small-time criminals who took advantage of opportunities as they came along. Today, however, it has become a well-organized crime in which sensitive customer information is stolen and ruthlessly exploited, affecting millions of cardholders and retail businesses. Considering this, the PCI DSS were introduced. PCI refers to ‘Payment Card Industry’ and DSS to ‘Data Security Standard’ (Carpenter, 2010). ... ember 2006 for the management and development of PCI security standards to improve payment account security in the transaction process (PCI Compliance Guide, n.d.). PCI SSC was formed by the major credit card brands VISA, American Express, MasterCard, JCB and Discover (Kim and Solomon, 2010, p.395). These brands and their acquirers are responsible for enforcing compliance with the standards. All merchant companies that process, transmit and store cardholder data should be PCI DSS compliant. There are three steps in adherence to the standards:

1. Assess: Identify cardholder data and inventory the business processes and IT assets that handle it, along with an analysis of vulnerabilities in the security system that could expose cardholder data.
2. Remediate: Do not store cardholder data unless needed, and fix the vulnerabilities identified in step 1.
3. Report: Compile and submit the required validation records and compliance report to the acquiring bank and the payment card company (Hart et al, 2010, p.357).

There are four merchant levels:

Level 1: A level 1 merchant has aggregate annual online transactions of more than six million, or has been subject to a cardholder data breach, or poses significant risk. Such merchants are required to have an onsite audit every year by a Qualified Security Assessor and a quarterly network security scan by an Approved Scanning Vendor (Bradley, 2007, p.209).
Level 2: A level 2 merchant has annual aggregate transactions between one million and six million. They should submit the PCI DSS self-assessment questionnaire on an annual basis and have network scans conducted every three months by an Approved Scanning Vendor.
Level 3: Level 3 merchants have annual aggregate transactions between 20,000 and one million; therefore, they should PCI