We notice you are visiting from a U.S. Internet provider. 
08/02/2010 -
For businesses whose merchant services include debit and credit card processing, protecting cardholder data is of the utmost importance.One critical factor in doing so is proper access control - restricting who can access sensitive cardholder data, and having computer systems that properly recognise and authenticate only these users, payment processing magazine the Green Sheet reported.
This aspect falls under Requirement 8 of the PCI-DSS, a requirement that the magazine explored in depth in a recent article.
"The core idea behind Requirement 8 is that before you can control access, you first need to be certain who is trying to gain access," the Green Sheet reported. "There's not much value in having 10 bouncers at the front door of a nightclub with a detailed list of invited guests if a 60-year-old man can walk up and say, 'I'm Paris Hilton. Let me in,' and then be admitted."
The magazine advised merchants to make sure each user has a unique identifier, that all access to sensitive systems or data requires a password, and that passwords are both strong and are carefully managed.
Business services firm Cintas recently gave merchants similar advice, noting in a report published by U.S.-based National Association of Convenience Stores that passwords should be changed on a quarterly basis and should be made up of six to eight letters and numbers.
