Blog November 18, 2014

PCI Compliance: Beyond Checking the Box

If you are a company that accepts, processes or stores credit card information, you are likely very familiar with PCI data security standards. Specifically, the Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard assembled by the Payment Card Industry Security Standards Council in order to help organizations that process credit card payments prevent fraud. While many companies become laser focused on “checking the box,” it’s important that compliance with this standard is treated more like a business priority than a burden.

As we enter the busy retail season – and a heightened focus on credit card security – here are a few PCI best practices to keep in mind:

Choose a Partner, not an Outsourcer

Even if you choose to work with a data center partner, you do not give up responsibility for ensuring compliance. Therefore, it’s important to choose a partner that can and will work with you, and that builds a connection and relationship with your team at every level. At Connectria we like to say that we act like an extension of your IT team.

Maintain a Secure Network

Deploy – or choose a partner that provides – dedicated firewall support with enhanced security rules for secured SSH and Remote Desktop connections, automatic server password expiration, and automatic SSH and Remote Desktop session timeouts.
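As an added example (not code from the original post), the following POSIX shell script checks two of the controls just named, SSH idle-session timeouts and password expiration, against configuration files. The file contents and paths are constructed samples; on a real host you would point the two functions at /etc/ssh/sshd_config and /etc/login.defs.

```shell
#!/bin/sh
# Added example, not code from the original post: check two controls named
# above, SSH idle timeouts and password expiration, against config files.
# The files below are constructed samples; on a real host point the functions
# at /etc/ssh/sshd_config and /etc/login.defs instead.
AUDIT_DIR="${TMPDIR:-/tmp}/pci_audit.$$"
mkdir -p "$AUDIT_DIR"
trap 'rm -rf "$AUDIT_DIR"' EXIT

# Weak sample: no ClientAliveInterval, so idle sessions never time out.
cat > "$AUDIT_DIR/sshd_config.weak" <<'EOF'
Port 22
PermitRootLogin no
EOF

# Hardened sample: 300 s x 3 missed keepalives = 15 minutes, then disconnect.
cat > "$AUDIT_DIR/sshd_config.hard" <<'EOF'
Port 22
PermitRootLogin no
ClientAliveInterval 300
ClientAliveCountMax 3
EOF

# Sample login.defs: passwords must be changed every 90 days.
cat > "$AUDIT_DIR/login.defs" <<'EOF'
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
EOF

# 0 if $1 enforces an idle timeout of at most $2 seconds, 1 otherwise.
# OpenSSH defaults: ClientAliveInterval 0 (never), ClientAliveCountMax 3.
ssh_idle_timeout_ok() {
    interval=$(awk 'tolower($1)=="clientaliveinterval"{v=$2} END{print v+0}' "$1")
    count=$(awk 'tolower($1)=="clientalivecountmax"{v=$2} END{print (v==""?3:v)+0}' "$1")
    [ "$interval" -gt 0 ] && [ $((interval * count)) -le "$2" ]
}

# 0 if $1 sets PASS_MAX_DAYS to a value between 1 and $2 days, 1 otherwise.
password_expiry_ok() {
    days=$(awk '$1=="PASS_MAX_DAYS"{v=$2} END{print v+0}' "$1")
    [ "$days" -gt 0 ] && [ "$days" -le "$2" ]
}

for f in weak hard; do
    if ssh_idle_timeout_ok "$AUDIT_DIR/sshd_config.$f" 900; then
        echo "sshd_config.$f: idle timeout within 15 minutes"
    else
        echo "sshd_config.$f: FINDING - idle sessions not dropped within 15 minutes"
    fi
done
```

The 15-minute and 90-day thresholds are illustrative limits chosen for this example; substitute the values your own policy or assessor requires.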

Maintain a Vulnerability Management Program

When reviewing your infrastructure, or choosing a vendor to provide data center services, make sure you have an all-encompassing managed security solution including OS security patches and updates as well as virus, worm, Trojan and malware protection.

Implement Strong Access Control Measures

Managing in-house? Make sure you keep records of data movement on electronic media (we recommend Tripwire log and event monitoring) and maintenance records for any changes to the physical security of the data center facility. Using a third party? Ensure your vendor provides the following: secure facility access with person-traps, biometric readers and card scanners, and mandatory escorting of all outside visitors at all times, with facility access limits strictly enforced.


While demonstrating compliance with industry regulations can often seem daunting, it shouldn’t take your attention away from running your business. Want to go beyond simply “checking the box” and be more proactive about your compliance? We may be able to help with our managed PCI Compliant Hosting solution.
