A firewall configuration must be installed and maintained.
System passwords must be original (not vendor-supplied).
Stored cardholder data must be protected.
Transmissions of cardholder data across public networks must be encrypted
Anti-virus software must be used and regularly updated.
Secure systems and applications must be developed and maintained.
Cardholder data access must be restricted to a business need-to-know basis.
Every person with computer access must be assigned a unique ID.
Physical access to cardholder data must be restricted.
Access to cardholder data and network resources must be tracked and monitored.
Security systems and processes must be regularly tested.
A policy dealing with information security must be maintained.
PCI DSS compliance is the Payment Card Industry Data Security Standard. This is a set of requirements set by the payment card industry designed to ensure that all companies that process, store or transmit credit card data maintain a secure environment. An independent body created by the major credit card brands; Visa, MasterCard, American Express, Discover and JCB, PCI DSS is rated in 4 levels according to the level of compliance.
SolidGate Technologies has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at SolidGate Technologies.
Anytime that live cardholder data is in the clear – that is, in plain text format that is readable by a person or computer – it is extremely vulnerable to theft. Of course, cyberthieves know this and look for ways to capture a copy of that data. For example, it’s possible for a thief to siphon off the card data as it is transmitted in plain text from a card reader to the point of sale (POS) server.
Encryption of either the data itself and the transmission path the data takes along the network can vastly reduce the vulnerability of the data, which in turn reduces a merchant’s business risks.