Many customers hear about PCI compliance and wonder what it is. To shed some light on the largest change to E-Commerce in the last few years, we'll discuss each requirement and how it affects you.
The PCI (Payment Card Industry) security standards are a set of regulations put in place to safeguard payment account data. The council that develops and monitors these regulations is made up of the leading providers in the payment industry: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International. Essentially, they define the best practices for storing, transmitting, and handling sensitive information over the internet.
In order for a vendor to be PCI compliant, they will need to meet 6 main requirements.
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Firewalls are computer devices that control computer traffic allowed into and out of a company’s network, as well as traffic into more sensitive areas within a company’s internal network. A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria.
All systems must be protected from unauthorized access from the Internet, whether entering the system as e-commerce, employees’ Internet-based access through desktop browsers, or employees’ email access. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.
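The following sketch is an added example, not part of the original article. It models a firewall as an ordered rule list with a default-deny fallback, then audits the list for allow rules that give Internet sources a direct path into the cardholder network. The address plan, the rule set, and the names `Rule`, `decide` and `internet_paths` are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption, not from the article).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")       # everything the company owns
CARDHOLDER_NET = ipaddress.ip_network("10.10.20.0/24")  # systems holding card data

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port

# Constructed rule set; the last rule is the kind of forgotten path
# that looks insignificant but reaches a key system.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.10.10.5/32", 443),       # public web shop in the DMZ
    Rule("allow", "10.10.10.5/32", "10.10.20.0/24", 5432),  # web server to card database
    Rule("allow", "0.0.0.0/0", "10.10.20.40/32", 8080),     # leftover test service
]

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def internet_paths(rules, protected=CARDHOLDER_NET):
    """Return allow rules whose source is not confined to the internal
    network and whose destination overlaps the protected network.
    Conservative: earlier deny rules that might shadow a hit are ignored."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if (r.action == "allow" and dst.overlaps(protected)
                and not src.subnet_of(INTERNAL_NET)):
            findings.append(r)
    return findings

if __name__ == "__main__":
    for finding in internet_paths(RULES):
        print("Internet-reachable path into cardholder network:", finding)
```

Each rule flagged by the audit should either be removed or narrowed to a specific internal source before the rule set is considered reviewed.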
Next up - Protect Cardholder Data