LANSING – Michigan government has been certified for the third straight year as compliant with the Payment Card Industry’s strict standards for ensuring that cardholder information is protected and secure.

The PCI Data Security Standards apply to financial institutions, Internet vendors and retail merchants and detail the security measures and auditing procedures required to protect private cardholder information during payment card transactions. All major card brands require these Data Security Standards to assure the protection of cardholder data gathered during transactions.

“We’ve met the industry’s strict standards once again and I am proud of the work that’s been done to protect citizen’s private information,” said Ken Theis, Director of the Michigan Department of Technology, Management and Budget (DTMB) and CIO for the State of Michigan. “Thanks to our partner agencies in state government and our strength in collaboration, we have been successful in achieving this very difficult certification.”

The effort to get Michigan re-certified has reduced potential costs to the state, including the avoidance of fines that can be levied if a state is out of compliance. Many state governments do not have centralized management of credit cards as Michigan does, which means Michigan is one of the few states to have PCI compliance for all state credit card applications.

“Ensuring compliance with the Payment Card Industry’s strict standards is a difficult, but critical step,” said State Treasurer Robert J. Kleine. “I am extremely proud of what our state agencies have accomplished, working together to obtain certification for a third consecutive year.”

Last year, one of the major accomplishments in achieving compliance was installing new credit card readers in all of the Secretary of State Branch Offices that accept credit cards.

Some of the major steps required for PCI compliance include:

Maintaining a firewall configuration to protect cardholder data

Not using vendor-supplied defaults for system passwords

Protecting stored cardholder data

Encrypting transmission of data across open/public networks

Using and updating anti-virus software

Developing and maintaining secure systems and applications

Restricting access to cardholder data by business need-to-know

Assigning a unique ID to each person with computer access

Restricting physical access to cardholder data

Tracking and monitoring access to network resources

Regularly testing security systems and processes

Maintaining a policy focused on information security

“We are proud of the success we’ve had in keeping citizen information safe and secure,” added Trent Carpenter, Chief Information Security Officer for DTMB. “Security and the protection of information is a continuous process, a process that we remain focused on throughout the year.”

For more information about PCI security standards, click on PCISecurityStandards.Org
