This thesis is about PCI DSS, the Payment Card Industry Data Security Standard. PCI DSS represents a unified approach to protecting sensitive card data and preventing abuse in the payment card industry. Implementing the standard in a company provides a higher level of security, maintains confidence, and protects against abuse and, consequently, against financial losses and loss of reputation. When paying with credit cards, the first link in the chain of events is a merchant that accepts payment cards. Right behind the merchant are different types of processors that process payment card information. These include payment processing centers, which are a link between the merchant and the bank. The third link in the chain is the banks, which have a contractual relationship with both the cardholder and the merchant who is willing to accept payment cards. All of these organizations must implement the PCI DSS standard in their systems if they want to do business with credit cards.
In this thesis we focus on the implementation of the PCI DSS standard in the company of a large merchant. The goal of this thesis is to explore possible solutions for implementing PCI DSS in the company of a large merchant and to find out whether the chosen solution is really the optimal choice. In the first part we describe what the PCI DSS standard is and what requirements must be met in order to achieve compliance with it. We describe the concept of PCI scope and give the reasons why it is necessary to minimize it. In the second part we analyze the possible solutions for implementing the standard in the company. We describe the process of implementing the selected solution in the company. We describe the components of the system that are responsible for ensuring compliance with PCI DSS, which are a product of our own development. Finally, we analyze whether the selected solution was really optimal and suggest improvements and measures.