The Payment Card Industry Data Security Standard (PCI – DDS) applies to companies of all sizes. If you intend to accept payment by card (which you should, cash is no longer king), you’ll need to host your data securely with a PCI compliant hosting provider.
There are some goals that need to be met to be compliant with a variety of security goals:
Building and Maintaining a Secure Network Includes:
Each company should create a firewall configuration policy and develop a test that protects the cardholder’s information. This is done through your hosting provider and insures that all information is secure and private.
Always change default passwords. When a software company creates a password for you, no matter how unique it is, they forever have access to the private information you acquire about your cardholders. Change your password, make it extremely unique, and change it often. This will help you keep company and cardholder information secure.
Protecting Stored Data Includes:
For companies that store cardholder’s data, you are required to protect that information and keep it safe. This keeps companies from security breaches and from being targeted by identity theft. Virtual and physical security methods should be combined for maximum defense. Physical security networking cabinet locks, storage and networking, and server access. Virtual security includes authentication, authorization, passwords, etc.
This involves open-public networks. Without access to cryptographic keys, encrypted data is unusable to anyone who is trying to intrude upon private-confident information. This process of converting plain text (what you see here) to an unreadable text that requires decoding or a specific algorithm is called ciphertext.
Implementing Strong Access Control Measures:
This policy should include reviews and annual processes for risk analysis, use of technology, general administrative tasks, and operational security procedures. This policy should be strict and consistently maintained in order to make it effective.
When choosing a processing provider, make sure they are comfortable with each detail that is involved in PCI compliance. This will ensure that your businesses requirements will be met. For more information, contact us today and receive your free custom quote.
Posted in Uncategorized on Nov 29, 2017