Do you take credit cards?

We are not posing that question as a customer; we are posing the question as your IT and Security consultant. We ask because a “YES” answer means that your organization is required by law to put in place certain IT and security practices.

If you handle any type of credit cards or banking information, make sure your organization is in line with PCI DSS (Payment Card Industry Data Security Standard) compliance.  PCI DSS is a set of security standards put in place to ensure that all organizations that accept, process, store or transmit credit card or banking information maintain a secure network environment.  This standard is administered by the Payment Card Industry Security Standards Council and its standards apply to any organization, regardless of size or number of transactions.  Failure to meet the requirements can result in fines and/or termination of credit card processing privileges.

The PCI DSS 12 requirements are:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update antivirus software.
  6. Develop and maintain secure systems and applications. (Note:  This includes ensuring the machine that you are entering the data on is secure.)
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

At IT Radix, we help our clients comply with all 12 of the requirements listed and would be happy to help your organization anytime. Give us a call today to review your network and ensure it meets PCI DSS standards.