
Online shopping has expanded the marketplace from brick-and-mortar stores to wherever there’s Internet access. But with this added convenience comes a greater security risk. With a growing number of companies allowing for Internet purchases, online identity theft of credit card numbers, social security numbers and other important transaction information has become more of a concern. For website owners who sell products or services online, your website design should keep any information inputted safe from theft. As part of our Internet services at CyberDesign, our web design and web development staff can design and build ecommerce systems that are as secure as they are simple to use. As a web hosting provider, we also offer ecommerce hosting to ensure that your ecommerce system is accommodated with minimal downtime.
In 2006, Visa, MasterCard, Discover, JCB and American Express founded the PCI Security Standards Council, which puts forth stringent standards for ecommerce systems that ensure protection of the sensitive data processed, stored and transmitted during online purchases. Although these standards aren’t the law, online merchants that don’t follow them could face serious fines. If you intend to conduct business through your website, it’s important that your ecommerce system complies with the following requirements set forth by the PCI Security Standards Council:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Firewalls keep unauthorized users from being able to parse transaction information from your website.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Prevent hacking by making sure each user has a unique, private password.
Requirement 3: Protect stored cardholder data.
Any archived transaction information should be kept private and secure.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
All transaction information gathered from your website should be transmitted safely.
Requirement 5: Use and regularly update anti-virus software.
Protect your ecommerce system by running the latest version of anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.
Each facet of your ecommerce system should be built with security in mind and compliant with these regulations.
Requirement 7: Restrict access to cardholder data by business need-to-know.
Only trusted members of your operation should be allowed to view transaction data.
Requirement 8: Assign a unique ID to each person with computer access.
To increase accountability, each user authorized to view transaction data should be assigned a unique ID.
Requirement 9: Restrict physical access to cardholder data.
The fewer ways to access transaction data, the fewer opportunities hackers have to steal the data.
Requirement 10: Track and monitor all access to network resources and cardholder data.
Protect data by knowing who’s using the system and when.
Requirement 11: Regularly test security systems and processes.
Make sure your security systems and processes are working as intended by performing regular security tests.
Requirement 12: Maintain a policy that addresses information security.
Develop and adhere to information security policies, making updates as needed.
At CyberDesign, we can guarantee that our ecommerce systems comply with all these requirements to ensure safe and secure shopping for your customers. Contact us for a free ecommerce system quote.