Regulations & Compliance
Visa's CISP
(Cardholder Information Security Program)
June 2001
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html?ep=v_sym_cisp


Description

Visa's Cardholder Information Security Program is the standard for securing Visa cardholder data and is required of all entities that store, process, or transmit Visa cardholder data – including retail, mail/telephone order, and e-commerce. The purpose of the program is to protect cardholder information, reduce fraud, and identify security issues that could lead to the compromise of Visa cardholder information.

In order to comply with CISP, an organization must:
  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a Vulnerability Management Program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an Information Security Policy
In 2004, the CISP requirements were incorporated into an industry standard known as the Payment Card Industry (PCI) Data Security Standard, which resulted from collaboration between Visa and MasterCard to create common industry security requirements. Visa USA maintains CISP as the managing program for data security compliance, endorsing the PCI Data Security Standard.

CISP compliance penalties
If a member, merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:
  • Fine the responsible member
  • Impose restrictions on the merchant or its agent
For example:
If a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident. Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident. The potential result of non-compliance is severely damaged financial health and company reputation.


Audit Body

Visa USA, Interlink, and Plus Systems' Operating Regulations govern the activities of member financial institutions and, by extension, merchants and service providers as participants in the Visa payment system.


Industry Affected

Required of all entities that store, process, or transmit Visa cardholder data (including retail, mail/telephone order, and e-commerce).


Distributed Taps and CISP Compliance

VSS helps to provide real-time, 24x7 network monitoring and security policy enforcement so your company is protected to the fullest possible extent.

VSS helps to support the following CISP requirements:

    1. Build and maintain a secure network

    2. Protect cardholder data: VSS helps to collect valuable forensic information in the event of data theft.

    3. Maintain a Vulnerability Management Program: Continual network monitoring with the help of VSS taps helps to identify and alert on vulnerabilities.

    4. Implement strong access control measures: VSS helps to create access controls by ensuring the monitoring of the network for any anomalies or policy violations.

    5. Regularly monitor and test networks: With the help of VSS monitoring taps, you can monitor your entire network 24x7 without impacting network performance.
