What is PCI Compliance?
PCI (Payment Card Industry) Compliance standards was created by major credit card issuers to protect personal information and ensure security when transactions are processed using a payment card. Members of the Payment Card Industry (financial institutions, credit card companies and merchants) must comply with these standards if they are accepting credit cards as modes of payment. Failure to meet these standards can result to fines from credit card companies and even the loss of the ability to process credit cards. There are six categories of PCI Standards that must be met in order for a retailer to be considered a PCI Compliant.
1. Maintain a secure network
An actual network where the transaction is being exposed to, must be secured. In case of an online business, the vulnerability for this standard is the web server itself. In here, the hosting companies must take the responsibility to make the network secure.
2. Protecting Cardholder Data
This category focuses on how the cardholder data is stored and transmitted. Ways on how to protect these data are, encryption of data. Online businesses need to be critical of the way the cardholder data is transmitted. Because during the transmission, the data is being sent across the Internet. The data here must be encrypted with at least a 128 bit SSL certificate to meet this standard.
3. Maintaining a Vulnerability Management Program
This category means, keeping systems up to date. Vulnerability exposures can be minimized by regularly updating computer hardware, operating systems and software, anti-virus softwares, and regular virus scans.
4. Implementing Strong Access Control Measures
Part of meeting PCI Compliance means limiting access to cardholder data to only those persons that need to use it.
5. Regular Monitor and Test Networks
Networks where the cardholder data is located must be monitored and tested regularly. Regular scans of security measures and processes, monitoring and tracking of network access to cardholder data are required to satisfy this standard.
6. Maintain an Information Security Policy
Making and implementing a security policy for the company to make sure employees know and understand their responsibilities with regards to cardholder data.
Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Since Payment Card Industry (PCI)ís Data Security Standard is increasingly being demanded by tech savvy clients, so it is important that your hosting provider is able to offer PCI Compliant Hosting.
PCI Compliant Hosting providers have grown in importance as the scale of financial transactions are more and more being done online. At BNS we implement the major aspects of PCI standards to make these PCI standard hosting services. Both physical and logical barriers are in place to restrict access and secure data to only those individuals that are properly authenticated and authorized to access the servers.
BNS Hosting employ things like certificate based security, encrypted communications, IP access control list, full audit entry logs and physical access control measures that employ biometrics.
How to make your website PCI Compliant?
Step 1: Find out the level of PCI Compliance needed:
Level 1: Merchants which process over 6 million annual transactions or have already suffered an attack resulting in compromised data∑
Level 2: Merchants which process between 150,000 to 6 million annual transactions
Level 3: Merchants which process between 20,000 and 150,000 annual transactions
Level 4: Merchants which process less than 20,000 annual transactions
The requirements for each level are:
Level 1: Annual on-site security audit and quarterly network security scan.
Level 2 and 3: Annual self assessment questionnaire and quarterly scan by an approved PCI scanning vendor
Level 4: No need to report compliance but must maintain compliance
Step 2: Engage a PCI approved scanning vendor to have your Web site scanned for vulnerabilities. Be sure to continue the scanning on a quarterly basis.
Step 3: Report your compliance by sending the PCI scan and self-assessment to your merchant bank.
Feel free to contact us about your PCI compliant hosting requirements at team[@]bnshosting.net or visit our site http://www.bnshosting.net and talk to our online expert hosting solution adviser.
Article Directory: http://www.articletrunk.com
#29 AB Fernandez Ave., Dagupan City, Pangasinan, Philippines
+65 (075) 614 3247
Please Rate this Article
Not yet Rated