Branded payment card companies such as VISA, MasterCard, American Express, Discover and JCB, all belonging to the payment card industry, used to run separate data security programs. They then decided to combine their efforts for better information security by floating an organization named PCI DSS, which stands for Payment Card Industry Data Security Standard. The security standard regulated by the body is a set of processes to stop financial data breaches. The body monitors and ensures that the rules and regulations are implemented and followed stringently at the client's and the card holder's end.
The payment card control objectives and data security requirements are listed for better clarity. They include developing and maintaining a secure network, protecting the privacy of card holder data, maintaining a data breach vulnerability program, applying strong access control measures, periodic monitoring and testing, and maintaining an information security policy. All the processes are formulated and followed based on these basic requirements.
As per the framework, vendors have to install and maintain a firewall to protect against piracy attacks. Card holders are barred from using any password forwarded by the vendor. Card holder data should be protected under all circumstances. Anti-virus software should be used regularly to protect the system from malware attacks. A unique ID is to be provided to each user dealing with financial data so that any misdeed can be tracked easily. Data security and physical access to the data have to be routinely monitored, tracked and safeguarded. Regular testing has to be done to understand how well the system holds up against hacking.
Industries that handle bulk and instant financial transactions through payment cards, such as credit cards and debit cards, need frequent attention to data security standardization. Resorts and casinos, retail, e-commerce and similar businesses see such transactions frequently. These industries are also highly vulnerable to financial fraud, and so utmost care has been taken by the PCI. Casinos in particular offer many activities apart from gambling, such as dining, spas and fitness, events and golf, which involve patrons in extensive financial transactions. The personal information resulting from these transactions is stored by the casinos to understand consumer behavior and to push service packages that will ensure more spending by patrons.
Apart from PCI DSS, there are government bodies such as the New York Gaming Commission and the Nevada Gaming Control Board that work to secure the best interests of the patrons. These regulatory bodies intervene and ensure that casinos carry out regular checks for any possibility of a breach of patrons' data. These bodies provide licenses to vendors for carrying out any operation for casinos. To prevent data theft, patrons first have to provide a government-issued identification number to prove their age and eligibility. Secondly, patrons must provide their contact information, such as email address and residential address, and lastly, enter a secure PIN number, which is kept confidential, for any secure transaction with the casinos. Article 603A of the constitution is in place to safeguard patrons' interests. The government bodies ensure proper maintenance of security measures, encryption of the data mentioned as Personal Information both in transmission and on data storage devices, and disclosure of security breaches that would have impacted personal identification.