We are proud to announce that our software has the potential to be PCI DSS compliant. The PCI DSS means that the Payment Card Industry Data Security Standards have been met by both the technological and administrative sides of a business.
To explain this a bit further, both internal and external factors can cause a major threat to the safety of credit card information that comes from valued customers. The PCI DSS certification shows that the technology behind a website does everything possible to protect that information and prevent it from falling into the wrong hands. PCI DSS is an external certification carried out by auditors, it is a certification that takes multiple steps to obtain. Below is a brief outline of the steps that must be taken to obtain the PCI DSS Certification:
● Build and maintain a secure network. This means that the system must be tested regularly and run a secure firewall while also keeping the system network private.
● Protect Cardholder Data. This can be done in various ways such as - not storing card information or perhaps encrypting it so third parties cannot read it.
● Start a vulnerability management program. This means that the IT team must have full control of the anti-virus system you run and must update it periodically.
● Implement an Access barrier. This means that only certain people can access different tiers of the system. These people should be vetted to explain who, how and why they will have access to specific parts of the system.
● Maintain an Information Security Policy. This means that a thorough security policy must be in place monitoring uses of technology, reviewing internal procedures and processes, audits should take place and any other administrative security policies that the firm may decide to implement.
Once all of the above are in place a company may apply for a PCI DSS certification which will be issued by an external auditor. If the auditor is pleased with the security measures in place, you could be on the right track to gain your own PCI DSS certification.