Important PCI-DSS Compliant Information

  
  
  
 

Your ability to process credit cards may be at risk: if you store, process, or transmit cardholder data, you must be PCI-DSS compliant by July 1, 2010. The ability to process credit cards is vital to your company, so Sage has created a resource center to help you understand what PCI-DSS is and to help you achieve compliance before the deadline.

What is PCI-DSS:

PCI-DSS is a set of requirements for enhancing payment account data security. Its standards include requirements for security management, policies, procedures, network architecture, software design, and other measures created to protect customer account data. Developed by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International (the founder of the PCI Security Standards Council), PCI-DSS is designed to facilitate global adoption of consistent data security measures.

 

There are 12 requirements that fall into six categories:

 

  1. Build and Maintain a Secure Network: Install and maintain a firewall, and use unique, high-security passwords, taking special care to replace default passwords.
  2. Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.
  3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).
  4. Implement Strong Access Control Measures: Access to cardholder data, both electronic and physical, should be on a "need-to-know" basis. Ensure those people with access have a unique ID and password. Do not share logon information.
  5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes, including firewalls, patches, and anti-virus.
  6. Maintain an Information Security Policy: It's critical that your organization has a resource for governing your company's data security. Ensure you have a policy and that it's disseminated and updated regularly.

 

For Additional Information Please Visit: http://www.sageaccpacinfo.com/PCI/
