Credit Card Payment Security
PCI (Payment Card Industry) DSS compliance is a security
standard affecting millions of businesses who process electronic
credit card payments. The standard was created to help organizations
that process card payments prevent credit card fraud, hacking and
various security vulnerabilities and threats. Any company processing,
storing, or transmitting payment card data must be PCI DSS compliant.
The remainder of this topic contains reference information
ONLY. All companies who will process electronic
credit card payments are responsible for ensuring that
their operations run compliantly within CURRENT statute
requirements AND as advised by their own retained
legal representatives. Comtech Systems Inc. does
not purport the following reference information to be
legally complete OR to be interpreted in any way as a
legal opinion or legal advice.
PCI DSS compliance has many different points that require
review, most relating to your internal procedures and network
security. Some also relate to the software you run within
your company.
For instance, PCI DSS requirement 6.1 specifically states:
Ensure that all system components and software have the
latest vendor-supplied security patches installed. Install
critical security patches within one month of release.
It is important to ensure you remain up to date with all of
your software vendors, such as your OS, ARM software, Firewall, and
Anti-Virus Software. If you do not have a Collect! software
subscription, please email sales@collect.org to
inquire about your update options.
The PCI DSS compliance objectives and their
basic requirements are:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The following sections list the specific requirements outlined.
These are the six categories of PCI Compliance security
standards that Merchants can be evaluated on.
Please refer to Help topics at the end of this document
for details about implementing Collect! related
requirements.
Build And Maintain A Secure Network
Requirement 1
Install and maintain a firewall configuration to protect
cardholder data. This requirement can be met by setting
up your network with a qualified technician.
Requirement 2
Do not use vendor-supplied defaults for system passwords
and other security parameters.
Collect! uses a default password for the CV11
Server. You can change this as needed.
Refer to the CV11 Admin Tool for details.
Protect Cardholder Data
Requirement 3
Protect stored cardholder data. (CVV2 data cannot be stored.)
Collect! retains the cardholder name and only the last 4 digits of the
card number, and does not store any of the CVV or expiry date information.
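As an added illustration of the Requirement 3 retention rule described above (example code, not part of Collect! or this help topic), the following Python reduces a submitted payment to the fields that may be kept at rest and scans stored text or log lines for full card numbers that slipped past that rule. The field names, the sample record and the Luhn filter are assumptions, not taken from the page.

```python
import re

# Constructed sample of a submitted payment (a well-known test number, not a real card)
SAMPLE_PAYMENT = {
    "cardholder_name": "Jane Example",
    "pan": "4111 1111 1111 1111",
    "cvv2": "123",
    "expiry": "12/29",
    "amount": "25.00",
}

# Assumed non-card fields that may be persisted; every other submitted field is dropped
RETAINED_FIELDS = ("cardholder_name", "amount")


def retain_for_storage(payment: dict) -> dict:
    """Keep only what Requirement 3 allows at rest: cardholder name,
    last 4 digits of the card number, and non-card fields.
    The full PAN, CVV2 and expiry date are never written out."""
    digits = re.sub(r"\D", "", payment.get("pan", ""))
    if len(digits) < 13:
        raise ValueError("card number too short to be a PAN")
    stored = {k: v for k, v in payment.items() if k in RETAINED_FIELDS}
    stored["card_last4"] = digits[-4:]
    return stored


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test (assumed filter, not from the page): real card
    numbers pass it, so it screens out timestamps and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or dashes, not inside a longer run
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def find_pan_candidates(text: str) -> list:
    """Return card-number-like values found in stored text or log lines,
    so records that kept a full PAN can be located and purged."""
    found = [re.sub(r"\D", "", m.group(0)) for m in PAN_PATTERN.finditer(text)]
    return [d for d in found if luhn_ok(d)]
```

Run find_pan_candidates over database exports and application logs after any import or integration change; a non-empty result means the retention rule was bypassed somewhere upstream.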
Requirement 4
Encrypt transmission of cardholder data across open, public
networks. This requirement is met with our product interface.
Maintain A Vulnerability Management Program
Requirement 5
Use and regularly update anti-virus software.
This requirement can be met by setting up your
network with a qualified technician.
Requirement 6
Develop and maintain secure systems and applications.
This requirement can be met by setting up your network
with a qualified technician.
Requirement 6.1
Ensure that all system components and software have the
latest vendor-supplied security patches installed. Install
critical security patches within one month of release.
If you do not have a Collect! software subscription,
please email sales@collect.org to
inquire about your update options.
Implement Strong Access Control Measures
Requirement 7
Restrict access to cardholder data by business need-to-know.
This requirement is met by limited retention and encrypted, secure
transmission via the integrated module used by our product.
Requirement 8
Assign a unique ID to each person with computer access.
This requirement is met by our products and interface configuration
with the payment processing vendor.
Requirement 9
Restrict physical access to cardholder data. This requirement
is met by setting up your network with a qualified technician.
Regularly Monitor And Test Networks
Requirement 10
Track and monitor all access to network resources
and cardholder data. This requirement can be met by setting
up your network with a qualified technician.
Requirement 11
Regularly test security systems and processes.
This requirement can be met by setting up your
network with a qualified technician.
Maintain An Information Security Policy
Requirement 12
Maintain a policy that addresses information security.
This requirement can only be implemented by your
office procedures and policies.
For more information on PCI DSS compliance see:
PCI DSS Documentation - www.pcisecuritystandards.org
See Also
- Account Access Control
- Security and Aliases Topics
- Web Host Topics
- CV11 Admin Tool
- How To Writeback To Database