June 14, 2011 | Authored by: Vindicia Team Blogs
Launching A Digital Business – PCI
Launching a digital business involves many decisions, but one of the most critical, if not the most critical, that merchants must make is how they become compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS exists to minimize credit card fraud resulting from the exposure of cardholder data.
The PCI standard outlines how digital merchants must protect personal information and secure payment transactions, no matter how small or large the merchant is. It covers six key areas, with multiple requirements in each.
The Six Categories of PCI Standards
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software on all systems commonly affected by malware
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
Just as important as the security policies themselves is instilling a corporate culture that augments and supports the PCI DSS standard, to minimize incidents like the Sony PlayStation Network security breach.
The Latest PCI Data Security Rules
Despite all the literature, PCI remains an opaque issue, yet it is fundamental to every company that takes some form of credit or debit card payment for its service. New guidance and clarifications in PCI compliance – known as PCI DSS 2.0 – are now upon us, and while the changes from the previous version aren’t huge, understanding them and their impact on your online business is critical.
PCI Compliance Enforcement
There are numerous costs – with financial and business implications – associated with non-compliance, ranging from fees from your acquiring bank to the actual liability of putting cardholder data at risk. There are various levels of PCI DSS compliance and Vindicia, as a Level 1 Service Provider, goes through the highest audit bar every year, as we’ve done for the past six. Learn more about how PCI compliance is enforced.