Comparative Analysis: PCI DSS and Financial Services Act Report

Added on 2022/08/23

AI Summary
This report provides an overview of the Payment Card Industry Data Security Standard (PCI DSS) and the Financial Services Modernization Act of 1999. It explains PCI DSS as a crucial information security standard for organizations handling credit card data, mandated by card brands and administered by the PCI Security Standards Council to combat credit card fraud. The report details the validation process for compliance, including the roles of Qualified Security Assessors (QSA) and Internal Security Assessors (ISA). It then describes the Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act), which partially deregulated commercial industries and allowed integration across sectors like brokerage firms and insurance companies. The report also discusses the advantages and implementation of PCI DSS, including building a secure network, encryption, vulnerability management, secure applications, and regular network monitoring. The report concludes by emphasizing the importance of information security policies to protect consumer data.
PCI DSS
Student’s name
Institution Affiliation(s)
Date
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard
for organizations that handle branded credit cards from the major card schemes. The standard is
mandated by the card brands and administered by the Payment Card Industry Security Standards
Council. PCI DSS was introduced to reduce credit card fraud. Compliance is validated annually,
supplemented by quarterly vulnerability scans. Organizations that handle a large volume of
transactions are assessed by an external Qualified Security Assessor (QSA) or by a firm-specific
Internal Security Assessor (ISA), who produces a Report on Compliance for the business, while
organizations that handle smaller volumes complete a Self-Assessment Questionnaire (SAQ)
(Bonner, 2011).
The PCI Security Standards Council affects the lives of a great many people all over the world.
It develops and promotes the Payment Card Industry standards for global business so that
cardholder data is protected wherever it is processed. The organizations it serves are those
directly involved with payment cards, together with their employees: financial institutions,
hardware developers, merchants of all sizes, software developers and point-of-sale vendors, who
together build and operate the global payment infrastructure (Hemphill & Longstreet, 2016).
Financial Services Modernization Act of 1999
The Financial Services Modernization Act of 1999 is a law that partially deregulated the
financial services industry. It allows companies operating in different parts of the financial
sector to integrate their operations and to invest in and consolidate with one another. Under
this Act, these sectors include brokerage firms, commercial banks, investment dealers and
insurance companies. The Act is generally known as the Gramm-Leach-Bliley Act. It was signed
into law by President Bill Clinton in 1999 and repealed several parts of the Glass-Steagall Act,
which had separated investment banking from commercial banking since 1933 (Gao, Liao & Wang, 2018).
The Act led to the establishment of financial holding companies, over which the Federal Reserve
was granted new supervisory powers. Under the Act, banks may also create financial subsidiaries
with limited powers; the aggregate assets of such subsidiaries were capped at approximately $50
billion. The Federal Reserve had primary responsibility for enforcing the Act on business
organizations. The Act also introduced some restrictions that were beneficial to society and to
the financial system, such as restricting banks from underwriting securities directly rather than
through an affiliate (Arnaboldi, Lapsley & Dal Molin, 2016).
Advantages and implementation of PCI DSS
The standard sets out requirements at several levels that businesses must meet to operate a
secure environment for their cardholders, and these fall into several classes. The first
requirement is building and maintaining a secure network. This is achieved by installing and
maintaining an up-to-date firewall configuration so that customers' financial data is protected.
Organizations must not use vendor-supplied default passwords or other default security
parameters. The standard also requires companies to protect stored cardholder data, for example
by encrypting it, and to encrypt cardholder data and other sensitive information whenever it is
transmitted across open, public networks (Shihab & Misdianti, 2014).
A business is expected to maintain a vulnerability management program, using up-to-date
anti-virus software and regularly updating its definition files, in order to meet PCI
expectations. A company can also meet the PCI mandates by developing and maintaining secure
applications and systems. Another requirement is that businesses regularly monitor and test their
networks and track all access to network resources and cardholder data. Finally, organizations
secure consumer data by developing and implementing an information security policy that
addresses information security for all personnel.
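The requirement to protect stored cardholder data is easy to misread as "hash it and you are done". The Python below is an added example, not code from the report or from the PCI Security Standards Council, that shows the display masking the standard permits, why an unkeyed SHA-256 of a PAN does not render it unreadable (an attacker who also sees the masked form only has to enumerate the hidden middle digits), and the keyed hash (HMAC) that PCI DSS v4.0 requires instead. The sample PAN, the key and all function names are constructed for illustration; the PAN is Luhn-valid but belongs to no real card.

```python
"""Rendering a stored primary account number (PAN) unreadable: weak vs. keyed hash.

Added example, not part of the original report.  SAMPLE_PAN and HASH_KEY are
constructed test values; the function names are this example's own.
"""
import hashlib
import hmac
from typing import Optional

# Constructed sample data: a Luhn-valid test PAN (not a real card) and a
# hypothetical 32-byte per-deployment secret.  The middle digits were chosen
# small so the brute-force demonstration below finishes instantly.
SAMPLE_PAN = "4111110001234561"
HASH_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)


def luhn_valid(pan: str) -> bool:
    """True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form permitted by PCI DSS (v3.2.1 Req. 3.3): at most the first
    six and last four digits are shown; everything else is masked."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def weak_hash(pan: str) -> str:
    """Unkeyed SHA-256 of the PAN.  Looks 'unreadable' but is brute-forceable
    because the input space is tiny once the masked form is known."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_hash(pan: str, key: bytes = HASH_KEY) -> str:
    """HMAC-SHA256 under a secret key.  Without the key an attacker cannot
    test candidate PANs, which is why PCI DSS v4.0 requires hashes used to
    render PAN unreadable to be keyed cryptographic hashes."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def recover_pan_from_weak_hash(digest: str, first6: str, last4: str,
                               length: int = 16) -> Optional[str]:
    """Attacker's view: given a leaked unkeyed hash plus the masked form,
    enumerate the hidden middle digits (at most 10**(length-10) candidates,
    i.e. 10**6 for a 16-digit PAN) and hash only Luhn-valid candidates."""
    middle_len = length - 10
    for n in range(10 ** middle_len):
        candidate = first6 + str(n).zfill(middle_len) + last4
        if not luhn_valid(candidate):
            continue                       # cheap filter before hashing
        if weak_hash(candidate) == digest:
            return candidate
    return None


if __name__ == "__main__":
    masked = mask_pan(SAMPLE_PAN)
    print("masked for display :", masked)
    leaked = weak_hash(SAMPLE_PAN)
    print("recovered from SHA-256:", recover_pan_from_weak_hash(leaked, masked[:6], masked[-4:]))
    print("HMAC-SHA256 (needs key):", keyed_hash(SAMPLE_PAN))
```

The brute force succeeds against the unkeyed hash because the masked form leaks ten of the sixteen digits and the Luhn check removes nine out of ten remaining candidates, leaving about 100,000 hashes to compute; the same search against `keyed_hash` is not possible without `HASH_KEY`, so the key must be stored and managed separately from the hashed data (Requirement 3's key-management controls), or the PAN encrypted with strong cryptography instead.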
References
Arnaboldi, M., Lapsley, I., & Dal Molin, M. (2016). Modernizing public services: Subtle interplays of politics and management. Journal of Accounting & Organizational Change, 12(4), 547-567.
Bonner, E. (2011). Implementing the Payment Card Industry (PCI) Data Security Standard (DSS). TELKOMNIKA (Telecommunication Computing Electronics and Control), 9(2). https://doi.org/10.12928/telkomnika.v9i2.709
Gao, Y., Liao, S., & Wang, X. (2018). Capital markets' assessment of the economic impact of the Dodd-Frank Act on systemically important financial firms. Journal of Banking & Finance, 86, 204-223.
Hemphill, T. A., & Longstreet, P. (2016). Financial data breaches in the US retail economy: Restoring confidence in information technology security standards. Technology in Society, 44, 30-38.
PCI DSS (2016). Payment Card Industry Data Security Standards. International Information Security Standard.
Shihab, M. R., & Misdianti, F. (2014). Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company. 2014 International Conference on Advanced Computer Science and Information System, 151-156. https://doi.org/10.1109/ICACSIS.2014.7065872