Payment Card Industry Data Security Standards (PCI DSS) Project
While payment via credit card is an advantage for the citizen and the institutions, it does increase the risk of a security breach from cyber criminals who are making concerted efforts to harvest personal identity information from Internet based systems.
For institutions, a breach would be expensive in terms of the unbudgeted cost to respond and remediate. In an effort to reduce the risk of data breach caused by such attacks, the credit card industry created the Payment Card Industry Data Security Standard (PCI DSS).
The data security framework was created by the major credit card companies (American Express, Discover Financial Services, MasterCard Worldwide, and Visa International). Prior to 2004, each of the associations had a proprietary set of information security requirements which were often burdensome and repetitive for participants in multiple brand networks. The associations subsequently created a uniform set of information security requirements for all national card brands.
The PCI DSS project consists of two phases for each institution: a discovery phase and an external vulnerability assessment phase.
Phase I: Discovery
During the Discovery Phase, documentation is reviewed and interviews are performed in order to create a PCI DSS gap analysis. Utilizing the framework described (assess, remediate, and report) the data flow of payment through the network and servers will be documented in order to manage the PCI DSS compliance scope.
Phase II: External Vulnerability Assessment
The External Vulnerability Assessment is broken out into information gathering, vulnerability and port scanning, and vulnerability identification. PCI DSS requires that external vulnerability assessments be performed on a quarterly basis. The project team will coordinate these assessments with each institution following completion of Phase I.
Project Sponsor
Laura King
651-297-5579
laura.king@so.mnscu.edu
Project Owners
Tim Stoddard
651-297-1309
tim.stoddard@so.mnscu.edu
Bev Schuft
651-201-1443
bev.schuft@csu.mnscu.edu
Project Manager Frank Zobitz
612-548-2037
frank.zobitz@csu.mnscu.edu
