The Payment Card Industry requires banks, online merchants and Member Service Providers to protect cardholder information by adhering to a set of security standards. There are specific requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. If you accept credit cards you are required to become PCI compliant.
What is PCI compliance?
Have you taken these steps to be PCI compliant?
- Have you installed and maintained a firewall configuration to protect cardholder data?
- Have you changed your vendor-supplied default passwords?
- Do you protect stored cardholder data?
- Do you perform regular updates on your anti-virus software?
- Have you assigned everyone with computer access a unique ID?
These are just a few of many PCI requirements. If you answered “NO”
to one or all of these or you don’t know what they mean, you are not
PCI compliant!
The first step in becoming PCI compliant depends on your store environment:
If you are using external Dial-Up credit card terminals:
As of today this is the only PCI compliant solution and it only requires you to take an Annual Self-Assessment Questionnaire (SAQ).
If you are using high speed integrated credit cards (you swipe credit cards on your POS terminal or stand-alone high speed credit card terminals):
You are required to take an Annual Self-Assessment Questionnaire (SAQ).
You are also required to perform Quarterly Network Scans from a Certified Network Scanning Company.
Install a PCI compliant hardware appliance. This device will completely
segregate the internet from the POS/Credit Card network traffic, monitor
all activity going across the network and be able to provide logging
capabilities.
Who do I call to take my Annual SAQ and Quarterly Network Scans?
For First Data users: call PCI Rapid Comply at 1-877-437-8666 or on-line at www.cloversecurity.com
For non-First Data users: call Security Metrics at 1-800-557-4684 or on-line at www.SecurityMetrics.com
Looking for a solution for a managed external firewall appliance, which can also include a PCI compliant Hot Spot?
EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.