Medical Solutions

ACCEPTING CREDIT CARDS IS NOW HARDER

WHAT IS PCI COMPLIANCE?

Have you received that suspicious email or phone call about PCI compliance yet? Well, it's for real. The Payment Card Industry Data Security Standard (PCI DSS) is, at its most basic, a set of guidelines that credit card companies (Visa, MasterCard, etc.) are now requiring of the merchants who accept their cards. These requirements are all related to the collection, usage, storage and accessibility of credit card information at your business. Although PCI compliance is not law, if you accept credit cards, you will be asked to become PCI compliant or face fines or the revocation of your merchant account.

These are the 12 things that the PCI Security Standards Council requires:

Build and Maintain a Secure Network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

  • Requirement 12: Maintain a policy that addresses information security.

Fortunately, VSM.NET knows what to do to help you pass these requirements and get approved by an Approved Scanning Vendor. (Most likely, the company that first contacted you about PCI compliance is an ASV). We will go through each step and explain to you what needs to be changed (and why) and then make those changes. We can work completely on your behalf or with your existing IT personnel.

As you can see, this is not something to be taken lightly. Depending on the size of your network and how you currently handle credit card data on it, the process can be lengthy and frustrating. Hiring VSM.NET to assist you in becoming PCI compliant will save you time, money and frustration.