Gaining the trust of your customers can be one of the best things you ever do for your business, given the current climate of paranoia and hesitation around using credit cards or making any other transaction that involves personal information.
PCI DSS compliance is required of any merchant that stores, processes, or transmits sensitive information. The Payment Card Industry saw what was happening with this shift in consumer mood and knew that it had to begin enforcing this standard or watch the integrity of its industry fall apart.
There are 12 requirements for PCI DSS compliance. Many of these requirements can be further broken down into more than 200 individual security requirements. Some are obvious and easy to implement. Others will require a lot more in the way of time, money, and other resources. Nevertheless, they are every bit as important and necessary for a more complete security package. PCI DSS compliance is the best way to ensure the security of your system and the trust of your customers.
Requirement one: Install and maintain a firewall configuration to protect cardholder data. One of the most basic steps of defending your sensitive information is to control the traffic going into or out of your system. A firewall is a device that allows you to do this.
Requirement two: Do not use vendor-supplied defaults for system passwords and other security parameters. These passwords are well known throughout the hacker community. Using these passwords is the equivalent of leaving your door wide open and posting a neon sign that announces "Valuable stuff inside. Please come in."
Requirement three: Protect cardholder data. A fairly broad topic, but one that gets to the meat of the situation. Data encryption and storage requirements are included here.
Requirement four: Encrypt transmission of data across open, public networks. Hackers can attempt to steal or otherwise manipulate your data while it's in transit.
Requirement five: Use and regularly update anti-virus software. Not all malicious threats to your system are intentional. Viruses can get onto your system in any number of ways, and anti-virus programs must be up to the task of wiping them all out.
Requirement six: Develop and maintain secure systems and applications. Sometimes a program has flaws that can allow unauthorized access to your system. You must keep up to date with the necessary patches to fix those flaws.
Requirement seven: Restrict access to cardholder data by business need-to-know. The more people who can access the data, the more likely information will be leaked. Only certain people need to see the data, and it should be restricted to them.
Requirement eight: Assign a unique ID to each person with computer access. This helps make sure that only the right people can access sensitive information, and if any problems should occur, it will be easier to trace the source of the problem.
Requirement nine: Restrict physical access to cardholder data. You don't want to let anyone walk out with hard copies or even your entire system.
Requirement ten: Track and monitor all access to network resources and cardholder data. If you actively monitor and track your system, you can find and resolve any problems before someone can exploit them.
Requirement eleven: Regularly test security systems and processes. Discover your vulnerabilities before criminals do. This is the best way to continually improve your system.
Requirement twelve: Maintain a policy that addresses information security for employees and contractors. Everyone needs to understand these policies and measures, and their own responsibility toward them.
PCI DSS compliance is not necessarily a simple thing to achieve, nor is it going to happen overnight. PCI DSS compliance is, however, good business sense for you and your customers.
Andy Eliason is a writer at Main10, Inc. If you'd like to learn more about PCI DSS compliance or information security, visit Braintree Payment Solutions today.