The Payment Card Industry (PCI) Data Security Standard is a world-wide benchmark mandated by the card schemes (VISA, Mastercard, Amex, Diners, JCB) for the protection of cardholder identity and transaction information. It requires users of card data to:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management programme
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Each of these six requirements is supported by one to three major recommendations, which are subdivided into over 170 detailed controls on the storage, transmission and use of card data. This includes requirements for the management of computer systems, network devices and software used to store, process and transmit the data. Refer to PCI DSS 1.1 and PCI Audit Procedures 1.1, both on the PCI Security Standards Council (PCI SSC) web site.
Minimising the Impact of PCI DSS in the Betting Industry
Finsoft's MarginMaker (TM) enjoys widespread use in the betting industry worldwide. Finsoft engaged leading UK PCI specialists to review its organisational processes and the technology used to deliver and support MarginMaker (TM), with the goal of reducing the impact of PCI DSS for its clients.
By re-architecting key elements of MarginMaker (TM), Finsoft has been able to concentrate all card-oriented activity into a highly secure appliance-type unit known as Finsoft PCI-C. This device can be represented diagrammatically as per the illustration below. In simple terms, it implements the following key functions:
- Payments (settlement)
The PCI-C device is accompanied by a toolset of software interfaces to enable external programs to authenticate and use the device, and by a set of secure processes which ensure the continued security of the device itself. Finsoft also provides a maintenance service to future-proof PCI-C against any changes in the standard itself.
For more information, visit the Finsoft Web site.