Evaluating and designing a network and information security solution for a company in accordance with PCI DSS
Porter, Jere (2017)
Porter, Jere
Laurea-ammattikorkeakoulu
2017
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2017122022188
Abstract
The payment industry is slowly shifting away from cash purchases to payment card solutions. Crimes related to stealing funds are often due to thieves obtaining card information. The objective of this thesis was to understand a target company’s environment and define what actions are required to be taken to improve payment card security.
The Payment Card Industry Data Security Standard (PCI-DSS), a standard used worldwide, was the theoretical base and methodology of the thesis project. PCI clearly defines the requirements that must be fulfilled to guarantee that no outside parties can gain access to customer card data. The standard also offers self-assessment questionnaires for companies to understand what exactly is required from their business. Different business solutions have different requirements, and companies must therefore adapt accordingly.
During the thesis project, the company environment was assessed in accordance with PCI guidelines. With the scope established, it was possible to determine the points of improvement. The result of the thesis is an analysis and proposal to the target company to use for improving security. The report allows the company to understand how a single security breach can have enormous consequences on business continuity and what repercussions may follow. To avoid such an event, the company should fix the problems explained.