PCI Cybersecurity Compliance
PCI DSS (Payment Card Industry Data Security Standard) compliance is vitally important for any company that accepts, or plans to accept, payment for services and products by credit card. If your firm intends to accept card payments and to store, process or transmit cardholder data, then you need to ensure that you are hosting that data securely with a PCI-compliant hosting service provider. PCI cybersecurity compliance is a requirement for every organization handling payment cards.
Threatcare enables organizations to no longer just “guess” if their security is properly in place by validating protection using threat simulations. Threatcare, an Austin-based cybersecurity SaaS company, is the leader in proactive cyber defense.
PCI cybersecurity compliance must be taken seriously: 89% of all breaches have a financial or espionage motive. There are about a dozen PCI DSS requirements, grouped under several security goals. In no particular order, they are as follows:
Build and maintain a secure network
* Install and maintain a firewall configuration to shield cardholder data: firms have to create their own firewall configuration policy and then develop a configuration test procedure that verifies the configuration actually protects cardholder data.
* Do not use vendor-supplied default passwords and similar security parameters: create, maintain and update your own system passwords using unique combinations of numbers, letters and symbols.
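The "configuration test procedure" in the first requirement can be automated. The following is an added example, not Threatcare's code or anything from the PCI DSS itself: it audits a constructed list of inbound firewall rules against an approved policy for a cardholder data environment (CDE) segment. The rule format, the CDE address range and the approved source/port pairs are all assumptions made for the example; a real check would parse the firewall's own export.

```python
"""Added example: test an inbound rule set protecting a CDE segment.
Every address range, rule and policy entry here is constructed."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List

CDE_NET = ip_network("10.20.0.0/24")   # assumed CDE address range

# Assumed approved policy: which sources may reach the CDE, and on which ports.
ALLOWED_INBOUND = {
    ip_network("10.10.5.0/24"): {443},   # DMZ web tier -> CDE over HTTPS
    ip_network("10.30.1.10/32"): {22},   # jump host -> CDE over SSH
}


@dataclass
class Rule:
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: str     # port number as a string, or "any"


def _touches_cde(dst: str) -> bool:
    """True if the rule's destination overlaps the CDE range at all."""
    return dst == "any" or ip_network(dst).overlaps(CDE_NET)


def audit_cde_rules(rules: List[Rule]) -> List[str]:
    """Return one finding per allow rule that exposes the CDE beyond the
    approved policy, plus a finding if the set lacks a final default deny."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow" or not _touches_cde(r.dst):
            continue
        if r.src == "any" or r.port == "any":
            findings.append(
                f"rule {i}: overly broad allow into CDE ({r.src} -> {r.dst}:{r.port})")
            continue
        src, port = ip_network(r.src), int(r.port)
        permitted = any(src.subnet_of(net) and port in ports
                        for net, ports in ALLOWED_INBOUND.items())
        if not permitted:
            findings.append(f"rule {i}: {r.src} -> CDE:{r.port} is not in the approved policy")
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and last.src == "any" and last.dst == "any"):
        findings.append("rule set does not end with an explicit default deny")
    return findings


# Constructed sample rule set: two approved rules, two violations, a default deny.
SAMPLE_RULES = [
    Rule("allow", "10.10.5.0/24", "10.20.0.0/24", "443"),
    Rule("allow", "10.30.1.10/32", "10.20.0.0/24", "22"),
    Rule("allow", "0.0.0.0/0", "10.20.0.0/24", "3389"),    # RDP from anywhere
    Rule("allow", "10.10.5.0/24", "10.20.0.0/24", "any"),  # all ports from the DMZ
    Rule("deny", "any", "any", "any"),
]

if __name__ == "__main__":
    for finding in audit_cde_rules(SAMPLE_RULES):
        print(finding)
```

Run this as a scheduled job against the exported rule set and fail the check when it returns any finding; the point is that the policy document and the running configuration are compared mechanically rather than by eye.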
Protect cardholder data
* Protect stored cardholder data: this requirement applies solely to companies planning to store cardholder data. Companies that do not store it have already removed a target that identity thieves frequently go after.
Further, you want a PCI-compliant host to provide multiple levels of cyber defense as well as a data protection model that combines virtual and physical security controls: user authorization, authentication, passwords, restricted access, and locks on server, storage and network cabinets.
* Cardholder data transmitted across open, public networks must be encrypted, so that it is unreadable to any intruder who does not hold the proper cryptographic keys. As added security, do not store sensitive authentication data, including card validation codes and PINs, even in encrypted form.
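The "do not store sensitive authentication data" rule is easiest to enforce at the point where a record is written. The following is an added example, not Threatcare's code or anything published by the PCI SSC: it drops sensitive authentication data fields from a payment record before persistence, truncates the PAN to the first six and last four digits (the most PCI DSS permits to be displayed), and also masks Luhn-valid card numbers that have leaked into free-text fields such as notes, a common way full PANs end up in storage unintentionally. The field names, the sample record and the Luhn filter are assumptions of the example, not part of the original page.

```python
"""Added example: sanitise a payment record before it is stored.
Field names and the sample record below are constructed for the example."""
import re
from typing import Any, Dict, List

# Assumed names of sensitive authentication data (SAD) fields; a real schema
# will use its own names and this set must be adapted to it.
SAD_FIELDS = {"cvv", "cvc", "cvv2", "pin", "pin_block", "track1", "track2"}

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test; it filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, replacing the rest with '*'."""
    digits = re.sub(r"[ -]", "", pan)
    if not (digits.isdigit() and 13 <= len(digits) <= 19):
        raise ValueError("not a PAN-length digit string")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(text: str) -> str:
    """Mask Luhn-valid card numbers embedded in free text (notes, log lines)."""
    def repl(match):
        digits = re.sub(r"[ -]", "", match.group())
        return mask_pan(digits) if luhn_ok(digits) else match.group()
    return PAN_CANDIDATE.sub(repl, text)


def sanitize_for_storage(record: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy safe to persist: SAD removed, PAN masked, free text scrubbed."""
    out: Dict[str, Any] = {}
    for key, value in record.items():
        name = key.lower()
        if name in SAD_FIELDS:
            continue                  # never written, not even encrypted
        if name == "pan":
            out[key] = mask_pan(value)
        elif isinstance(value, str):
            out[key] = redact_pans(value)
        else:
            out[key] = value
    return out


def find_sad(record: Dict[str, Any]) -> List[str]:
    """Audit helper: SAD field names still present in a record (should be empty)."""
    return sorted(k for k in record if k.lower() in SAD_FIELDS)


# Constructed sample record; 4111 1111 1111 1111 is a well-known test PAN.
SAMPLE_RECORD = {
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cvv": "123",
    "pin": "4321",
    "amount_cents": 4999,
    "notes": "Customer called about card 4111 1111 1111 1111 declined, order 1234567890123",
}

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_RECORD))
```

Pair the sanitiser with the audit helper: run `find_sad` over a sample of stored records as part of the annual risk analysis, so that a schema change or a new integration that starts writing CVV or PIN fields is caught rather than discovered during an incident.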
Maintain a vulnerability management program
* You must use, and regularly update, anti-virus software to protect against the most recent and advanced malware. If data is hosted on outsourced servers, the hosting provider is responsible for maintaining a secure environment.
* Develop and maintain secure systems and applications, including identifying newly disclosed security vulnerabilities through alert services.
Put in place strong access control measures
* Restrict access to cardholder data to those with a business need to know. By limiting the number of personnel who have access to that data, you reduce the opportunities for a security breach.
* Every person in your firm with computer access should be assigned a unique identifier.
You must always maintain a policy that addresses information security, including acceptable uses of technology, reviews, an annual risk analysis process, and operational security. Use Threatcare to verify that your organization is practicing proper PCI cybersecurity compliance.