PCI Compliance is not Just About Scanning
PCI compliance does not just involve having a company scan your network every so often and declare you safe from intruders. The quarterly external vulnerability scan by an approved scanning vendor satisfies only one part of one requirement (Requirement 11). Compliance is a process, and that process covers every part of the transaction from A to Z.
I know earlier we told you about how some providers have not completed their paperwork on PCI compliance. Visa released its list of CISP Compliant Providers again on July 15, 2007. It still shows the same companies as not being compliant with the rules set forth by the PCI Security Standards Council.
Core Requirements of PCI DSS
Let us assume, though, that aplus.net was compliant. This does not make you, your shopping cart, or your e-commerce business PCI compliant. While your host's compliance is an important part, the standard has twelve requirements, and most of them apply to you directly:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
A few of these requirements will be met for you by your web hosting company (physical security of the servers, for example). The others fall on your shopping cart system and on the policies you create, ideally with the help of an attorney such as Jeffrey Cohen of Internet Litigators. Consider using the services of an attorney to help protect yourself and your company.
You are probably already meeting several of the requirements listed above. For example, you changed the shopping cart's password once it was installed, and hopefully you used a combination of letters and numbers, some symbols (such as #, !, $, *) if they are allowed, and both upper- and lower-case letters if the control panel supports them. You also purchased an SSL certificate from a company such as Comodo to encrypt data between the browser and the server. Keep in mind that the certificate only protects data in transit (Requirement 4); any card data the cart stores on the server, whether in its database or in log files, still has to be protected separately (Requirement 3).
Self-Assessment Questionnaire
The PCI DSS Self-Assessment Questionnaire v1.0 can be downloaded and reviewed at your leisure if you are interested in learning more about securing and protecting your data. Also check the supporting documents on the PCI Security Standards Council website for more information and for a newer version of the PCI DSS Self-Assessment Questionnaire, if one has been released.