Related Information

Credit Card Payment Security

PCI (Payment Card Industry) DSS compliance is a security standard affecting millions of businesses that process electronic credit card payments. The standard was created to help organizations that process card payments prevent credit card fraud, hacking, and various other security vulnerabilities and threats. Any company processing, storing, or transmitting payment card data must be PCI DSS compliant.

Tip: The remainder of this topic contains reference information ONLY. All companies who will process electronic credit card payments are responsible for ensuring that their operations run compliantly within CURRENT statute requirements AND as advised by their own retained legal representatives. Comtech Systems Inc. does not purport the following reference information to be legally complete OR to be interpreted in any way as a legal opinion or legal advice.

PCI DSS compliance has many different points that require review, most relating to your internal procedures and network security. Some also relate to the software you run within your company.

For instance, PCI DSS requirement 6.1 specifically states:

Ensure that all system components and software have the latest vendor-supplied security patches installed. Install critical security patches within one month of release.

It is important to ensure you remain up to date with all of your software vendors, such as your OS, ARM software, firewall, and anti-virus software. If you do not have a Collect! software subscription, please email sales@collect.org to inquire about your update options.

The PCI DSS compliance objectives and their basic requirements are:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

The following sections list the specific requirements outlined. These are the six categories of PCI Compliance security standards that Merchants can be evaluated on.

Tip: Please refer to the Help topics at the end of this document for details about implementing Collect! related requirements.

Build And Maintain A Secure Network

Requirement 1
Install and maintain a firewall configuration to protect cardholder data. This requirement can be met by setting up your network with a qualified technician.

Requirement 2
Do not use vendor-supplied defaults for system passwords and other security parameters.

Tip: Collect! uses a default password for the CV11 Server. You can change this as needed. Refer to the CV11 Admin Tool for details.

Protect Cardholder Data

Requirement 3
Protect stored cardholder data. (CVV2 data cannot be stored.) Collect! retains the cardholder name and only the last 4 digits of the card number; it does not store the CVV or expiry date.
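As an added illustration of the retention rule above (example code, not part of Collect! or this document): a reducer that keeps only the cardholder name and the last four digits of the PAN and never copies CVV2 or expiry into the stored record, plus a storage-side check that no full card number slipped through. The field names and the sample card data are constructed test values.

```python
import re

# Constructed sample of what a payment form might capture (standard test PAN, not a real card).
CAPTURED_PAYMENT = {
    "cardholder_name": "A. Debtor",
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cvv2": "123",
    "amount": "150.00",
}


def luhn_valid(pan: str) -> bool:
    """Luhn check so only a well-formed PAN is accepted before it is truncated."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def retained_record(captured: dict) -> dict:
    """Reduce a captured payment to the subset that may be stored: name and last 4.

    CVV2 and expiry are not copied at all, so they never reach the database.
    A malformed PAN aborts the whole write rather than storing a partial record.
    """
    pan = re.sub(r"\D", "", captured["pan"])
    if not (13 <= len(pan) <= 19) or not luhn_valid(pan):
        raise ValueError("malformed PAN; refusing to store anything")
    return {
        "cardholder_name": captured["cardholder_name"],
        "card_last4": pan[-4:],
        "amount": captured["amount"],
    }


def contains_full_pan(record: dict) -> bool:
    """Storage-side guard: flag any field still holding a 13-19 digit run."""
    return any(
        re.search(r"\d{13,19}", re.sub(r"[\s-]", "", str(v))) is not None
        for v in record.values()
    )
```

Running contains_full_pan over every record just before it is written is a cheap way to catch a new form field or log line that starts carrying the full PAN.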

Requirement 4
Encrypt transmission of cardholder data across open, public networks. This requirement is met with our product interface.

Maintain A Vulnerability Management Program

Requirement 5
Use and regularly update anti-virus software. This requirement can be met by setting up your network with a qualified technician.

Requirement 6
Develop and maintain secure systems and applications. This requirement can be met by setting up your network with a qualified technician.

Requirement 6.1
Ensure that all system components and software have the latest vendor-supplied security patches installed. Install critical security patches within one month of release.

Tip: If you do not have a Collect! software subscription, please email sales@collect.org to inquire about your update options.

Implement Strong Access Control Measures

Requirement 7
Restrict access to cardholder data by business need-to-know. This requirement is met by limited retention and encrypted, secure transmission via the integrated module used by our product.

Requirement 8
Assign a unique ID to each person with computer access. This requirement is met by our products and interface configuration with the payment processing vendor.

Requirement 9
Restrict physical access to cardholder data. This requirement is met by setting up your network with a qualified technician.

Regularly Monitor And Test Networks

Requirement 10
Track and monitor all access to network resources and cardholder data. This requirement can be met by setting up your network with a qualified technician.

Requirement 11
Regularly test security systems and processes. This requirement can be met by setting up your network with a qualified technician.

Maintain An Information Security Policy

Requirement 12
Maintain a policy that addresses information security. This requirement can only be implemented by your office procedures and policies.

For more information on PCI DSS compliance see:

PCI DSS Documentation - www.pcisecuritystandards.org

See Also

- Account Access Control
- Security and Aliases Topics
- Web Host Topics
- CV11 Admin Tool
- How To Writeback To Database
