PCI compliance and how to take control Get ready for the PCI compliance deadline

If you accept credit or debit card payment, you're facing a deadline of December 2007 for achieving Payment Card Industry Data Security Standard (PCI DSS) compliance. Download our easy-to-follow guide to find out how you can successfully meet its security requirements.

Download:
Six easy steps to PCI compliance

Real examples of cardholder data theft

Between July 2005 and December 2006, at least 45.6 million credit and debit cards were compromised by criminals hacking into computer systems and stealing data at retail giant TJ Maxx. The company's owner now faces more than a dozen lawsuits.

Other well known organizations who have suffered from breaches of data security include Bank of America, Morgan Stanley, and Citibank. Smaller businesses are just as likely to be attacked, because they often have lower levels of security.

The PCI Data Security Standard

In response to this increasingly serious threat to credit card security, the PCI Security Standards Council was formed in 2006. The standard covers 12 key areas, and any organization or retailer that accepts payment card transactions, or that collects, processes or stores credit card transaction information, must be in compliance with the standard by the end of 2007.

The implications of non-compliance

The consequences of non-compliance range from fines of up to $500,000 to being restricted on what cardholder data can be processed, and even to exclusion from credit card programs altogether.

What we recommend

We can help you comply with the standard's 12 key areas with powerful anti-virus and network access control. Sophos NAC Advanced lets you assess and control who is trying to get on to your network, and blocks all unauthorized access, while Enterprise Security and Control stops viruses, spyware and other malware at every vulnerable point - from endpoint computers to email servers and the web.