Article Written by : SNDA Online
The list provided below is for your reference on the PCI compliancy policy. Do not use this list as a substitute for the full PCI DSS Version 1.2 Documents.
- Secure the Network: A firewall needs to be installed and maintained to protect cardholder data. Vendor-supplied defaults should not be used for system passwords and other security items. Merchant account services should customize the options to the highest level possible. The payment gateway a merchant uses needs to have adequate security for their customers.
- Protect Cardholder Data: Encrypting data will give the processing company adequate protection for holding cardholder data
- Enact a Vulnerability Management Program: Trojans, worms and other malware feast on information stored in credit card processing services’ databases. Crooks will try anything to access these goldmines. Vulnerability software needs to be installed to protect cardholder data for online payment processing.
- Control Measures: A unique ID should be assigned to each person using a computer to access the data. This increases accountability and will helps merchant account services pinpoint who is responsible when something goes wrong.
- Test Networks: The quicker suspicious activity is caught the more likely accidents will be prevented. Credit card merchant services need to test and monitor their networks regularly.
- Create a Security Policy: Write up a security policy that both employees and contractors sign.