For many companies that process credit card data, the requirements of the Payment Card Industry Data Security Standard (PCI DSS) are all too familiar. But should companies that do not process credit cards implement the same data security restrictions? Today there is a veritable alphabet soup of data security standards to which companies can adhere, but because of its prescriptive nature, PCI DSS seems to be catching on as a viable option for companies that do not take credit cards, experts agree. For example, rather than simply stating that a firewall for web applications needs to be in place, PCI DSS describes in detail exactly what is required and how to configure it.
展开▼