Payment Card Industry (PCI) -- Challenges and Issues for RACF Systems

The PCI Data Security Standards apply to any company that transmits, processes or stores credit card “cardholder” data.  While many companies are exempt from PCI, companies are not exempt from protecting their sensitive data which includes customer, company confidential and Personally Identifiable Information (PII).  This presentation provides an overview of  the PCI Data Security Requirements, why they evolved, why they are important and how the requirements can leveraged by all companies to improve their overall compliance program.  Several of the requirements will be discussed in detail, the “hidden meaning” of the requirement will be revealed, and examples will be provided showing how RACF controls can be implemented, and supporting evidence collected, to demonstrate compliance.