{"id":14930,"date":"2024-05-28T17:38:48","date_gmt":"2024-05-28T14:38:48","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=14930"},"modified":"2024-05-28T17:41:43","modified_gmt":"2024-05-28T14:41:43","slug":"pci-dss-nedir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/pci-dss-nedir\/","title":{"rendered":"What Is PCI DSS? Why Is It Important?"},"content":{"rendered":"<p data-pm-slice=\"1 1 []\">In today\u2019s digital age, the security of credit card transactions is of great importance to both businesses and consumers. The <strong>Payment Card Industry Data Security Standard (PCI DSS)<\/strong>, created to protect credit card data, is one of the most important security frameworks in this field. In this article, we cover the purpose, principles, requirements and compliance levels of PCI DSS in detail, and examine why this critical standard matters and which benefits and challenges it brings for businesses.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSS-Nedir\"><\/span><strong>What Is PCI DSS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>PCI DSS (Payment Card Industry Data Security Standard)<\/strong> is a widely accepted set of policies and procedures created to maximize the security of credit, debit and cash card transactions and to prevent the misuse of cardholders&#8217; personal information.<\/p>\n<p>PCI DSS is designed to prevent cyber security breaches and to reduce the risk of fraud for organizations that process, store and transmit payment card information.<\/p>\n<blockquote><p><strong>PCI DSS is not a law or a statutory regulation. However, it is generally treated as a contractual obligation for businesses that carry out payment card transactions. Organizations that carry out such transactions are required to meet the requirements of PCI DSS in order to provide a secure environment for their customers.<\/strong><\/p>\n<p><strong>PCI DSS was created in 2004 by five major credit card companies: Visa, Mastercard, Discover, JCB and American Express. The body that develops the PCI DSS guidelines is the Payment Card Industry Security Standards Council (PCI SSC).<\/strong><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSSnin-Amaci-Nedir\"><\/span><strong>What Is the Purpose of PCI DSS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The main purpose of PCI DSS is to protect and optimize the security of sensitive cardholder information such as credit card numbers, expiration dates and security codes. The standard helps businesses minimize the risk of data breaches, fraud and identity theft.<\/p>\n<p>In addition, PCI DSS compliance ensures that businesses follow industry best practices when processing, storing and transmitting credit card data. 
This in turn builds trust among customers and stakeholders.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSSin-6-Ilkesi-Nedir\"><\/span><strong>What Are the 6 Principles of PCI DSS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>The PCI Security Standards Council (PCI SSC) <\/strong>has defined six main goals for PCI DSS:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guvenli-bir-ag-ve-sistemi-olusturmak-ve-surdurmek\"><\/span><strong>Build and maintain a secure network and systems<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Credit card transactions must be carried out on a secure network. The security infrastructure should be strong and sophisticated enough to be effective, yet not cause inconvenience to cardholders or merchants. Dedicated firewalls are available for wireless local area networks, because these networks are highly vulnerable to malicious attacks. Vendor-supplied authentication data, personal identification numbers and passwords must not be used on an ongoing basis.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kart-sahibi-bilgilerini-korumak\"><\/span><strong>Protect cardholder information<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Organizations that comply with PCI DSS must protect cardholder information wherever it is stored. The locations and sources that hold vital data such as dates of birth, mothers&#8217; maiden names, Social Security numbers, phone numbers and mailing addresses must be secure. 
Transmission of cardholder information over public networks must be encrypted.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bir-guvenlik-acigi-yonetim-programi-surdurmek\"><\/span><strong>Maintain a vulnerability management program<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Card service organizations must implement risk assessment and vulnerability management programs that protect their systems from the activity of malicious software. All applications must be free of bugs and vulnerabilities that could lead to cardholder data being stolen or altered. Software and operating systems must be updated regularly.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guclu-erisim-kontrol-onlemleri-uygulamak\"><\/span><strong>Implement strong access control measures<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Access to system information and operations must be restricted and controlled. Everyone who uses a computer in the system must be identified by a unique and confidential identification name or number. Cardholder data must be protected both physically and electronically. 
Physical protection can include using document shredders, limits on document duplication, locks on waste containers and security measures at points of sale.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Aglari-duzenli-olarak-izlemek-ve-test-etmek\"><\/span><strong>Regularly monitor and test networks<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Networks must be monitored and tested regularly to verify that security measures are in place, working properly and up to date. For example, antivirus and anti-spyware programs must have the latest definitions and signatures. These programs must continuously scan all data exchanges, applications, RAM and storage media.<\/p>\n<h3><strong>Maintain an information security policy<\/strong><\/h3>\n<p>A formal information security policy must be defined, maintained and followed by all participating entities. In case of non-compliance, enforcement measures such as audits and penalties may be necessary.<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSSin-12-Gereksinimi-Nelerdir\"><\/span><strong>What Are the 12 Requirements of PCI DSS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The <strong>PCI SSC (PCI Security Standards Council)<\/strong> defines specific requirements within PCI DSS, which is built around the six main goals. 
Organizations that want to achieve PCI DSS compliance must meet these 12 requirements:<\/p>\n<p><strong>Install and Maintain a Firewall to Protect Cardholder Data<\/strong><\/p>\n<p>Configure your firewall to protect credit card information and keep it up to date.<\/p>\n<p><strong>Do Not Use Default Passwords and Other Security Parameters<\/strong><\/p>\n<p>Do not neglect to change the default passwords and settings supplied by device or software vendors.<\/p>\n<p><strong>Protect Stored Cardholder Data<\/strong><\/p>\n<p>Take the security measures needed to keep stored credit card information safely protected.<\/p>\n<p><strong>Encrypt Credit Card Data on Open and Public Networks<\/strong><\/p>\n<p>Use encryption when transmitting sensitive payment information over the internet or open networks.<\/p>\n<p><strong>Use Antivirus Software and Update It Regularly<\/strong><\/p>\n<p>Prevent malware from harming your system by updating your antivirus software regularly.<\/p>\n<p><strong>Develop and Maintain Secure Systems and Applications<\/strong><\/p>\n<p>Make sure the software you develop or use is secure and keep it continuously up to date.<\/p>\n<p><strong>Restrict Access to Cardholder Data by Business Need<\/strong><\/p>\n<p>Allow employees to access credit card information only when their duties require it.<\/p>\n<p><strong>Assign a Unique ID to Every Individual with Data or Computer Access<\/strong><\/p>\n<p>Give every individual with access to the system a unique user ID for traceability and security.<\/p>\n<p><strong>Restrict Physical Access to Cardholder Data<\/strong><\/p>\n<p>Ensure that only authorized persons can access the physical environments where card information is held.<\/p>\n<p><strong>Monitor and Track All Access to Network Resources and Cardholder Data<\/strong><\/p>\n<p>Monitor and log all access to credit card information and network resources.<\/p>\n<p><strong>Regularly Test Security Systems and Processes<\/strong><\/p>\n<p>Test your security processes and systems at set intervals and close any gaps.<\/p>\n<p><strong>Maintain an Information Security Policy<\/strong><\/p>\n<p>Create a detailed information security policy and make sure it is applied continuously.<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSS-Uyumluluk-Seviyeleri\"><\/span><strong>PCI DSS Compliance Levels<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PCI DSS compliance requirements are divided into four levels according to a merchant&#8217;s annual credit or debit card transaction volume. 
The four validation levels are as follows:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Seviye-1\"><\/span><strong>Level 1 <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Organizations that process more than 6 million card transactions per year fall into this category. These businesses must be audited every year by a Qualified Security Assessor (QSA) and must have a network scan performed every quarter by an Approved Scanning Vendor (ASV).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Seviye-2\"><\/span><strong>Level 2 <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Covers organizations that process between 1 million and 6 million card transactions per year. These organizations must complete an annual Self-Assessment Questionnaire (SAQ) and have their networks scanned for possible vulnerabilities every quarter.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Seviye-3\"><\/span><strong>Level 3 <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Covers mid-sized companies that process between 20,000 and 1 million card transactions per year. These merchants must also complete an annual SAQ and perform quarterly network scans.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Seviye-4\"><\/span><strong>Level 4 <\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Covers small businesses that process fewer than 20,000 card transactions per year. 
As with Levels 2 and 3, they must complete an annual SAQ and perform quarterly network scans.<\/p>\n<p>All of these requirements and levels are applied to keep card data secure and to minimize possible breaches.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSS-Uyumunun-Faydalari-ve-Zorluklari\"><\/span><strong>Benefits and Challenges of PCI DSS Compliance<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PCI DSS brings important benefits and some challenges for businesses. Here is more detail on both:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"PCI-DSSnin-Faydalari\"><\/span><strong>Benefits of PCI DSS<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When PCI DSS compliance is achieved, businesses stand out for data protection and security, which creates a positive reputation. The benefits are:<\/p>\n<p><strong>Improved Customer Trust:<\/strong> PCI DSS protects cardholder data, which helps earn customers&#8217; trust. Being known as a business that takes security seriously can increase customer loyalty and raises the potential for repeat business.<\/p>\n<p><strong>Fewer Data Breaches:<\/strong> PCI DSS minimizes the risk of data breaches through security measures and data protection procedures. 
This in turn prevents negative outcomes such as fines, legal costs and loss of reputation.<\/p>\n<p><strong>Fraud Protection:<\/strong> The requirements of PCI DSS prevent and detect fraud, which reduces fraud-related financial losses.<\/p>\n<p><strong>Compliance with Industry Standards: <\/strong>PCI DSS compliance shows that the business adheres to best practices in the industry. This strengthens the business&#8217;s reputation and relationships with partners, stakeholders and regulators.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"PCI-DSSnin-Zorluklari\"><\/span><strong>Challenges of PCI DSS<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>However, businesses may face some challenges when achieving PCI DSS compliance:<\/p>\n<p><strong>Complexity:<\/strong> The requirements of PCI DSS include comprehensive security controls, and understanding and implementing them can be difficult, especially for small businesses.<\/p>\n<p><strong>Cost:<\/strong> Maintaining PCI DSS compliance and providing the necessary security systems, processes and staff can be expensive. This is often a burden for small businesses.<\/p>\n<p><strong>Requires Continuous Effort:<\/strong> Achieving PCI DSS compliance requires continuous monitoring, testing and updating of security measures. This calls for a sustainable process and takes time and resources.<\/p>\n<p><strong>Changing Environment:<\/strong> The payment card industry and cyber security threats are constantly changing. 
Keeping up with these changing standards can be challenging for businesses.<\/p>\n<p>PCI DSS compliance is an important topic with challenges as well as advantages. It provides major benefits for businesses by both increasing customer trust and reducing data breaches. However, it is also important to take into account challenges such as complexity, cost and the need for continuous effort.<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSS-Tarama-Nedir\"><\/span><strong>What Is a PCI DSS Scan?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A <strong>PCI DSS scan<\/strong>\u00a0is a periodic check of whether the standards required for compliance are in place. Organizations that accept card payments are divided into 4 levels according to their number of card transactions, and the\u00a0<strong>PCI DSS scan period<\/strong>\u00a0and format differ for each level. On average, scans must be performed 4 times a year, once every 3 months, and the results must be submitted. 
PCI DSS, which reviews these results, determines whether the authorization to accept credit card payments will continue.<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"PCI-DSS-Comodo-HackerGuardian\"><\/span><strong>PCI DSS Comodo HackerGuardian<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With\u00a0<a href=\"https:\/\/www.ihs.com.tr\/comodo-pci-dss-tarama.html\" target=\"_blank\" rel=\"noopener\">Comodo HackerGuardian<\/a>, an excellent tool for performing the PCI DSS scan that virtual POS providers must carry out, all operations can be handled easily from a single point.<\/p>\n<p><strong>Comodo HackerGuardian PCI DSS Scan\u00a0<\/strong>allows a scan to start and finish within the same day and makes the results easy to access. In addition, features such as multiple scans on the same day, re-scanning results, daily automatic scanning, a custom executive report, subnet support, an up-to-date database and a vulnerability report are also available with Comodo HackerGuardian.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today\u2019s digital age, the security of credit card transactions is of great importance to both businesses and consumers. 
To protect credit card data&hellip;<\/p>\n","protected":false},"author":3,"featured_media":14931,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-14930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14930"}],"version-history":[{"count":2,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14930\/revisions"}],"predecessor-version":[{"id":14933,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14930\/revisions\/14933"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/14931"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}