Merchants you must implement strong access control measures to cardholder data, this is written in requirment 7 of PCI security requirements. If you have several people who have access to card holder data you must have a formal security policy that lays out a statement of least privilege. You can write your own in simple terms that everyone will understand.
Unauthorized access to cardholder data is punishable up to immediate termination. You as a manager must let your staff know this is as serious as losing employment.
Let everyone know fines up to 500,000 dollars can be levied against the company for a breech.
Sunday, February 7, 2010
Subscribe to:
Posts (Atom)