PCI Compliance Solutions
Reducing risk means increasing compliance and security. All our terminals and partner payment systems are PCI compliant and are backed by technical support teams. We offer full tokenization systems for customer cardholder data.
Some PCI Compliance tips:
- Do regularly monitor and test networks/systems that have payment card data.
- Do implement and enforce a company Information Security Policy.
- Do install, and keep up to date, a firewall that protects cardholder data stored within company systems.
- Do assign every employee with computer access a unique ID and require a robust password (e.g., a mix of letters, numbers, and symbols) that is changed frequently (every 45-60 days).
- Do restrict physical access to company systems and records with cardholder data to only those employees with a business “need-to-know.”
- Do encrypt cardholder data if transmitting it over wireless or open, public networks.
- Do use and regularly update anti-virus software.
- Do have secure company systems and applications (e.g., a good and frequent process to update all computers with necessary patches, a process for identifying system/application vulnerabilities, etc.).
- Do ensure any e-commerce payment solutions are tested to prevent programming vulnerabilities like SQL injection.
- Do verify that any third-party service provider you use that handles cardholder data has validated PCI DSS compliance by visiting the PCI Security Standards Council website at www.pcisecuritystandards.org.
- Don’t store magnetic stripe cardholder data or the CVV or CVC code (the additional security number on the back of credit cards) after authorization.
- Don’t use vendor-supplied or default system passwords or common/weak passwords.
- Don’t store cardholder data in any systems in clear text (i.e., unencrypted).
- Don’t leave remote access applications in an “always on” mode.