PCI DSS is very important for eCommerce Industry, it provides a set of standard rules on how to protect Customer’s Credit Card Details which is often mentioned as Card Holder’s Data or CHD. This standard helps the merchant to develop an information security program and maintain it to meet their own business needs. The PCI DSS also helps to identify from where the CHD coming, passing through and getting stored. Mapping how the CHD moves through a Company’s network is one of the first steps before defining steps to protect it.
If PCI Compliance defined and maintained properly, it helps an organization to meet its information security program. And in today’s business scenario, Consumers are highly conscious before transacting through a website, PCI Compliance helps to achieve customer’s trust as well.
eCommerce PCI Compliance Checklist
Here we are defining an easy checklist which Merchant can maintain to achieve PCI DSS Compliance within their eCommerce system. PCI DSS V3 has 6 main requirements, subdivided among 12 Sub-Requirements that contain more than 300 specific standards to maintain. All these standards have only one goal – securing Card Holder’s Data. If somehow the CHD gets exposed to any anonymous visitor, the reputation of business and card issuers and expenses need to incur by Card Holder all will be at stake.
Our easy to follow PCI Compliance Checklist is defined as below:
- Use firewall between the section of Payment Card Data and Public network in your website, keep the firewall updated
- The devices participating in storing or processing of CHD, never used Vendor Specified Passwords which is given initially when selling that hardware
- Avoid storing Card Holder’s data if you have eCommerce website hosted in third party server. If your business need is to store CHD, then make sure your own server/hardware/software has strong encryption technique implemented.
- Use encryption to protect CHD information when CHD gets transmitted over Public Network
- Use Antivirus in all machines in the Card Holder Environment and keep the software updated
- Your card processing systems need to have vendor supplied latest security patch/version updated
- Highly limited access to CHD as many few employees of a merchant as possible. Apply time limitation as well like maximum 30 minutes to that environment to each user
- Unique Login ID to the user accessing CHD Data, so every user is accountable for any unauthorized or unusual access
- Not only system access but restrict Physical Access to the areas where the hardware storing CHD is placed
- Monitor all access to Company network to CHD Data Environment
- Regularly check all systems, hardware, software, monitoring data, access data etc.
- Define all the steps in a proper security policy and ensure all employees follow that.
Risk of being Non-Compliant
The risks range from monetary fines imposed by the card issuers to loss of consumer trust in the businesses who are found to be non-compliant. Trust is built over years and can be as valuable as any product sold. Beware of violating that trust by not protecting consumer card data as the effects of that can have a lasting impact on your business.
You may also be interested in: