PCI Compliance

As credit card use has become more widespread both offline and online, and as consumer concern about security has understandably grown, the credit card industries have made an effort to ensure that sensitive information is protected. To that end, in September 2006, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) formed the PCI Security Standards Council (SSC) and established a set of rules for what they called PCI compliance. These rules have to be followed depending on the size of a business and the number of credit card transactions handled, and if carried out properly will help protect consumers' data from theft.

The Rules for PCI Compliance

There are six major categories within the standards established by the PCI SSC, which are as follows:

• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

What do you need to do?

If you store customer credit card information, then as of June 2008 you will be required to be PCI DSS compliant. This can be achieve by completing a self assessment from the PCI standards Authority or by employing an approved QSA company to audit you independently.

How can VI help me achieve PCI Compliance?

The security of your hosted environment is very important within this standard. If you do not have a Firewall at present or are unaware of what you need, we can advise you and install the necessary components.

The VI security audit is a perfect way to ensure that your Servers and Firewall's are patched and up to date. Contact the technical support department who will be happy to assist you with getting your hosting services up to date and ready for your PCI Audit.

Questions? Call us on 877-358-3819 or request a quote or information.