If you want to be PCI compliant, contact us. MJJT staff will provide the best service to help you meet the requirements for becoming PCI compliant.
The twelve requirements of the PCI DSS
The specific measures necessary to secure these elements depend on factors such as how the business processes card payments and whether it accepts payments online. The PCI council identifies these quick steps as necessary for most businesses to meet PCI compliance standards.
1. Install and maintain a firewall configuration to protect cardholder data
A router is needed to join multiple networks together. A firewall keeps people outside of your network from breaking into personal areas.
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Hackers can use a list of default passwords to attack your system. If you don't want to be vulnerable to exploits, change the default settings and passwords as soon as you can.
3. Protect stored cardholder data
The data on the card should never be put into storage. Anything that does get stored should be immediately encrypted.
4. Encrypt transmission of cardholder data across open, public networks
Whenever transmitting cardholder data across open, public networks, make sure to use strong encryption for both authentication and data transmission.
5. Protect all systems against malware and regularly update antivirus software or programs
There are plenty of ways that a business can be maliciously attacked. Most attacks are done through email or web browsing. Antivirus and anti-malware programs help with detecting unknown malicious software.
6. Develop and maintain secure systems and applications
If your system has weak security, it will be exposed to multiple threats. To prevent critical threats, updates should be done regularly because they help solve problems.
7. Restrict access to cardholder data by business need to know
When dealing with cardholder data, employees get only the extent of privileges and the amount of data needed to conduct their projects. Zero trust should be integrated into any access control system.
8. Identify and authenticate access to system components
Everyone who has access to a critical system should have a unique user ID. Their activities should be tracked so that they can be monitored and verified.
9. Restrict physical access to cardholder data
Physical access to stored data could lead to opportunities for theft. To be PCI compliant and meet compliant hosting requirements, physical access to the data should always be restricted.
10. Track and monitor all access to network resources and cardholder data
Tracking and monitoring all access to network resources and cardholder data not only helps you avoid being vulnerable but also lets you know where and how suspicious activities are occurring.
11. Regularly test security systems and processes
Security systems have to be tested as often as possible. By doing so, your system will be more secure in the long term.
12. Maintain a policy that addresses information security for all personnel
All personnel should know their jobs and responsibilities. They should all be aware of suspicious activities and well-equipped to prevent them.