Security of cardholders' personal information and card data against unauthorized
persons is key to the successful operation of an e-commerce payment system.
Card-issuing banks therefore place serious emphasis on the security of the
payment gateway infrastructure. To achieve its objectives, the Payment Card
Industry (PCI), a body of card-issuing banks, met and decided to put in place a
standard, routine security process that payment gateway systems must comply with.
It also agreed that the process be updated annually for compliance. A 6-step rule,
called the Payment Card Industry Data Security Standard (PCI DSS), was then
outlined, which a payment gateway system must satisfy as a condition for
recognized operation. These rules, it is believed, will minimize or eliminate
e-commerce payment fraud and provide protection for businesses involved in
e-commerce payment systems.
The PCI DSS rules below are an adapted extract from the Visa Inc. web site and are
included purely in appreciation of the stakeholders' efforts to tackle e-payment fraud.
PCI DSS Regulations
- Build and Maintain a Secure Network
Install and maintain a firewall configuration, with personalized passwords, to
protect cardholder data and other security parameters.
- Protect Cardholder Data
Where necessary, cardholder data stored on the payment gateway server must be
protected. The data must also be encrypted in transmission across open
- Maintain a Vulnerability Management Program
Install anti-virus software and ensure it is regularly updated. Develop and
maintain secure systems and payment gateway applications.
- Implement Strong Access Control Measures
Access to cardholder data (online or offline) must be on a need-to-know basis, and
personnel with access to the data must be assigned a unique ID and password.
- Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data. Develop
routine tests of your security systems and processes.
- Maintain an Information Security Policy
Put in place a policy that regularly addresses issues relating to information
security, which must be adhered to by your personnel and associates in the
Cardholders and web users likewise have a responsibility to protect themselves as
they log in or fill in sensitive forms online. Installing antivirus software is
essential to protect the web browser and avoid falling victim to fraudsters who
phish the internet. Antivirus protection prevents unwanted internet intruders
from accessing personal data and important information.