NBAD Credit Cards



Overview

The use of payment cards has risen dramatically in the last few years, replacing cash purchases and proving to be a safer and more practical payment method. Furthermore, with the rise of e-commerce and online purchasing, payment cards have become an unavoidable norm for both businesses and consumers.
This increase in payment card use, though, has introduced several security risks, such as identity theft and cardholder data compromise, with serious financial and reputational impacts on both Customers and Merchants.

In light of this, VISA, MasterCard, and many other players in the Payment Card Industry joined together and created a new Payment Card Industry Data Security Standard (PCI-DSS) in 2004. The standard aims to apply information security best practices to protect cardholders' sensitive data during information storage, processing and transmission.
It also aims to provide a standard framework that facilitates wider adoption of security controls globally.

The security standards and leading industry practices offered by PCI Data Security Standard are designed to protect the confidentiality, availability and integrity of customer data.

Cardholder Data
Cardholder data refers to the information which is associated with payment cards and defines the details required to authenticate and complete a transaction. Please refer to the below figure:

PCI-DSS Requirements
The Global PCI Council has established 12 high-level domains to secure and protect cardholder data during information storage, processing and transmission. These requirements cover administrative controls, physical security and technical security.
Not all Merchants need to abide by all 12 domains and their sub-controls. The specific controls applicable to your organization depend on the nature and size of your company, and your cardholder data environment.
Below is the list of the 12 domains:

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to data by business need-to-know
  8. Assign unique IDs to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security