BTerrell Group Blog

PCI and PA-DSS News: New Scrub Utility Available Now!

Posted by Meredith Gooch on Wed, Jun 16, 2010

July 1, 2010, marks the date that credit card processing companies must validate that their customers are using a PA-DSS-certified payment application.

Although Sage ERP Accpac does not process or transmit credit card data, it does store it. To help you comply with PCI and PA-DSS requirements, Sage created a scrub utility to safely remove this data.

Failure to run the utility could result in fines and penalties, and may put you at risk of losing the ability to process credit card transactions altogether!

Contact me to make use of this utility!

Brian Terrell, CPA and Managing Partner

Tags: pci and pa-dss scrub utility for Accpac, pci compliance

What is PCI-DSS?

Posted by Meredith Gooch on Mon, Jun 07, 2010

PCI-DSS is a set of requirements for enhancing payment account data security. Its standards include requirements for security management, policies, procedures, network architecture, software design, and other measures created to protect customer account data. Developed by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International (the founders of the PCI Security Standards Council), PCI-DSS is designed to facilitate global adoption of consistent data security measures.

According to the PCI Data Security Standards, you must be using a PA-DSS compliant payment application by July 1, 2010. Are you ready?

- Brian Terrell, CPA and Managing Member

Tags: pci compliance, PCI-DSS, credit card processing

Six Categories of PCI Compliance That You Need to Know

Posted by Meredith Gooch on Tue, Jun 01, 2010

There are 12 requirements that fall into six categories:

  1. Build and Maintain a Secure Network: Install and maintain a firewall and use unique, high-security passwords, taking special care to replace default passwords.
  2. Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and Web-hosting providers.
  3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).
  4. Implement Strong Access Control Measures: Access to cardholder data - both electronic and physical - should be on a "need-to-know" basis. Ensure those people with access have a unique ID and password. Do not share logon information.
  5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.
  6. Maintain an Information Security Policy: It's critical that your organization has a resource for governing your company's data security. Ensure you have a policy and that it's disseminated and updated regularly.

Contact us to learn more about the new standards that will be critical to your business!

- Brian Terrell, CPA and Managing Partner

Tags: pci compliance, PCI-DSS, credit cards

Your Ability to Process Credit Cards May Be at Risk!

Posted by Meredith Gooch on Wed, May 26, 2010

As you may be aware, the five major credit card networks established the Payment Card Industry Data Security Standards (PCI-DSS) as a set of requirements for merchants to use when configuring their IT and payment-processing environments. If you store, process, or transmit cardholder data, your company may be subject to these requirements.

Merchants must comply by July 1, 2010, or risk losing the ability to process credit cards. For complete details on these requirements, visit the official PCI Security Standard Web site at: http://pcisecuritystandards.org.

Check back soon for more information on this important topic!

- Brian Terrell, CPA and Managing Partner 

Tags: pci compliance, PCI-DSS, credit cards