The thesis is about PCI DSS, which stands for Payment Card Industry Data
Security Standard. PCI DSS represents a unified approach to the protection of
sensitive card data and to the prevention of abuse in the payment card industry.
Implementing the standard in a company provides a higher level of
security, maintains confidence, and protects against abuse and consequently
against financial losses and loss of reputation.
When paying with credit cards, the first link in the chain of events is a merchant
that accepts payment cards. Right behind the merchant there are different
types of processors that process payment card information. These include
payment processing centers, which are a link between the merchant and the
bank. The third link in the chain consists of the banks, which have a contractual
relationship with both the cardholder and the merchant, who is willing to
accept payment cards. All of these organizations must implement the
PCI DSS standard in their systems if they want to do business with credit cards.
In this thesis we focus on the implementation of the PCI DSS standard in
the company of a large merchant. The goal of this thesis is to explore possible
solutions for implementing the PCI DSS standard in the company of a large
merchant and to find out whether the chosen solution is really the optimal choice.
In the first part we describe what the PCI DSS standard is and what requirements
must be met in order to achieve compliance with the standard. We describe the
concept of PCI scope and name the reasons why it is necessary to minimize it.
In the second part we analyze the possible solutions for implementing the
standard in the company. We describe the process of implementing the selected
solution in the company. We describe the components of the system that are
responsible for ensuring compliance with PCI DSS and that are a product of
our own development. Finally, we analyze whether the selected solution was really
optimal and suggest improvements and measures.