Michigan Government Earns Coveted 'PCI Compliance'
Date: May 6, 2008
Contact: Kurt Weiss, MDIT, (517) 335-0050
State of Michigan Meets Rigorous Payment Card Security Standards
Lansing, MI - Michigan citizens can breathe even easier when it comes to doing business with the State of Michigan by way of a payment card. Michigan government has certified that it is compliant with the Payment Card Industry’s (PCI) strict standards for ensuring that cardholder information is protected and secure.
“This is a monumental accomplishment for the State of Michigan,” said Ken Theis, Director of the Michigan Department of Information Technology (MDIT) and CIO for the State of Michigan. “The fact that Michigan was able to gain compliance shows the commitment we have to ensuring that our citizens are safe and secure when sharing their payment card information with the state.”
The PCI Data Security Standards, which apply to financial institutions, Internet vendors and retail merchants, detail the security measures and auditing procedures required to protect private cardholder information during payment card transactions. All major card brands require these Data Security Standards to assure the protection of cardholder data gathered during transactions.
“Becoming compliant with the Payment Card Industry’s strict security standards is no small feat,” added State Treasurer Robert Kleine. “I am extremely proud of what we have done to get to this point, proud of our partnership with MDIT, and proud that we are living up to the trust that our citizens place in the hands of their government.”
Michigan used the “digital dozen” to become PCI compliant, which included:
- Installing and maintaining a firewall configuration to protect cardholder data
- Not using vendor-supplied defaults for system passwords
- Protecting stored cardholder data
- Encrypting transmission of data across open/public networks
- Using and updating anti-virus software
- Developing and maintaining secure systems and applications
- Restricting access to cardholder data by business need-to-know
- Assigning a unique ID to each person with computer access
- Restricting physical access to cardholder data
- Tracking and monitoring access to network resources
- Regularly testing security systems and processes
- Maintaining a policy focused on information security
For more information about PCI security standards, please visit: https://www.pcisecuritystandards.org/