eCommerce PCI Compliance
PCI Compliance
Credit card fraud causes massive losses each year. To combat it, the Payment Card Industry (PCI) has created stringent data security standards (DSS) for online retailers to adhere to. Any IXXO user that uses a merchant account such as Authorize.net, BluePay, SagePay, etc., or offline credit card processing, and therefore has credit card details passing through their website, must comply with the PCI DSS controls and processes. Anyone who doesn't risks costly fines should a breach occur. There are 12 core requirements for meeting the PCI DSS, divided up into 6 key groups:
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
It is important to note that while IXXO is an integral part of the chain in obtaining PCI Compliance, the majority of the above rules relate to your hosting environment, network, and staff procedures.
To help our customers achieve PCI Compliance, we are about to team up with McAfee® and are therefore able to offer a substantial reduction on their normal service rate. McAfee PCI Compliance Service is a simplified, easy-to-use system that enables Level 2-4 merchants to successfully satisfy PCI DSS compliance requirements.
The information shown here on PCI Compliance should be used as a guide only, and IXXO Ltd. makes no warranty of any kind for the correctness or accuracy of this information. Additional advice should be sought as appropriate.