There are 12 requirements that fall into six categories:
- Build and Maintain a Secure Network: Install and maintain a firewall and use unique, high-security passwords, taking special care to replace default passwords.
- Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including data exchanged with your shopping cart and Web-hosting providers.
- Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).
- Implement Strong Access Control Measures: Access to cardholder data, both electronic and physical, should be on a "need-to-know" basis. Ensure each person with access has a unique ID and password. Do not share logon information.
- Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes, including firewalls, patches and anti-virus.
- Maintain an Information Security Policy: It's critical that your organization has a resource for governing your company's data security. Ensure you have a policy and that it's disseminated and updated regularly.
Contact us to learn more about the new standards that will be critical to your business!
- Brian Terrell, CPA and Managing Partner