Security & Compliance (PCI)

Security and compliance refers to the controls that a company implements to protect its assets and to meeting the standards that a third party has set forth as best practices.

PCI compliance is compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

Requirements for PCI DSS Compliance

  1. Use and Maintain Firewalls — Firewalls essentially block foreign or unknown entities attempting to access private data. These prevention systems are often the first line of defense against hackers.

  2. Proper Password Protections — Routers, modems, point-of-sale (POS) secure systems, and other third-party products often come with generic passwords and security measures that are easily accessed by the public.

  3. Encrypt Transmitted Data — Cardholder data is sent across multiple ordinary channels (e.g., payment processors, home office from local stores).

  4. Restrict Physical Access — Any cardholder data must be physically kept in a secure location. Both data that is physically written or typed and data that is digitally kept should be locked in a secure room.