The application server is the center point of PCI DSS compliance. The database server manages all data stored locally on direct-attached storage and does not need to meet PCI DSS standards as long as the data is stored locally. The best practices for PCI DSS compliance start with engaging all internal resources. All employees of Yielder Company must meet the PCI DSS compliance standards, so awareness of PCI must be raised at all levels of the organization. Tools must be provided to help make sure everyone is PCI DSS compliant.
Visa is partnering with the National Federation of Independent Business (NFIB) to offer a new Web site with free information, including webzines, educational materials and tools to help educate small-business owners (Young 2007). The next step toward being PCI DSS compliant is to seek a partner to assist with the PCI compliance program. Controls offers a number of solutions for merchants, ISOs and acquirers and currently partners with one of the largest acquirers in the United States. Also, the PCI Security Council has a list of approved
ASVs and QSAs. Visa and MasterCard also offer their own lists on each Web site (Young 2007). Once PCI DSS compliance is set up, it is important to promote and advocate for PCI compliance within Yielder; getting the word out to everyone in the organization is an ongoing key component of any successful implementation program. This can be done through the website, emails, letters, and statements. Controls builds a customized PCI gateway for all ISO and acquirer partners, which can be used as a centerpiece of the PCI compliance solution (Young 2007).
It is now vital to supply tools for the merchant to verify that you are PCI compliant. This includes offering suggestions on partner service providers who can advise and consult with the merchants in the areas of forensic investigation, network scans (ASVs) and security assessments. Controls offers a complete checklist and procedure package for the partnering acquirer or ISO (Young 2007). At this point it is necessary to implement and maintain a tracking and reporting system. Communication is vital between the bank, ISOs, merchants and third-party ASVs and QSAs.
It is necessary for the acquiring bank to track and report all of its progress with the merchants and third-party providers (Young 2007). At a PCI compliance seminar hosted by Visa, the most common security holes that are leading merchants to flunk their audits were listed as follows:
- Unpatched systems
- Poor password policies and enforcement
- Insecure services on servers
- Insecure default settings, such as those for encrypting wireless connections
- Poorly coded, web-facing applications that lead to SQL injection
- Storage and location of prohibited data such as account numbers, OCW and PINs (Young 2007)