If you are a company that accepts, processes or stores credit card information, you are likely very familiar with PCI data security standards. Specifically, the Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard assembled by the Payment Card Industry Security Standards Council to help organizations that process credit card payments prevent fraud. While many companies become laser-focused on “checking the box,” it’s important that compliance with this standard is treated as a business priority rather than a burden.
As we enter the busy retail season – and a heightened focus on credit card security – here are a few PCI best practices to keep in mind:
Choose a Partner, not an Outsourcer
Even if you choose to work with a data center partner, you do not give up responsibility for ensuring compliance. Therefore, it’s important to choose a partner that can and will work with you, building a connection and relationship with your team at every level. At Connectria we like to say that we act like an extension of your IT team.
Maintain a Secure Network
Deploy – or choose a partner that provides – dedicated firewall support with hardened rules for SSH and Remote Desktop connections, automatic server password expiration, and automatic SSH and Remote Desktop session timeouts.
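As an added illustration (not Connectria's code or part of the original post), a small Python audit that checks the two host-level controls just named, SSH idle timeouts and password expiration, against constructed sshd_config and login.defs samples showing the weak setting beside its corrected form. The 15-minute idle and 90-day password thresholds are assumed from PCI DSS v3.2.1 requirements 8.1.8 and 8.2.4, and the fallback values mirror OpenSSH's defaults (ClientAliveInterval 0, ClientAliveCountMax 3).

```python
import re

# Thresholds assumed from PCI DSS v3.2.1: re-authenticate after 15 idle
# minutes (req. 8.1.8) and change passwords at least every 90 days (req. 8.2.4).
MAX_IDLE_SECONDS = 15 * 60
MAX_PASSWORD_DAYS = 90

def parse_kv(text):
    """Map lowercase keys to values, skipping comments and blank lines.
    Keeps the first occurrence of a key, which is how sshd resolves duplicates."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() not in out:
            out[parts[0].lower()] = parts[1].strip()
    return out

def check_sshd(sshd_config):
    """Return findings for the idle-timeout rule; an empty list means compliant."""
    cfg = parse_kv(sshd_config)
    # OpenSSH defaults: ClientAliveInterval 0 (never probe), ClientAliveCountMax 3.
    interval = int(cfg.get("clientaliveinterval", "0"))
    count = int(cfg.get("clientalivecountmax", "3"))
    if interval == 0:
        return ["ClientAliveInterval is 0: idle SSH sessions never time out"]
    idle = interval * count  # seconds before sshd drops an unresponsive client
    if idle > MAX_IDLE_SECONDS:
        return [f"effective idle timeout {idle}s exceeds {MAX_IDLE_SECONDS}s"]
    return []

def check_login_defs(login_defs):
    """Return findings for password expiry (shadow's PASS_MAX_DAYS)."""
    days = int(parse_kv(login_defs).get("pass_max_days", "99999"))
    if days > MAX_PASSWORD_DAYS:
        return [f"PASS_MAX_DAYS {days} exceeds {MAX_PASSWORD_DAYS} days"]
    return []

# Constructed samples: the weak setting beside its corrected form.
WEAK_SSHD = "Port 22\nClientAliveInterval 0\n"
HARDENED_SSHD = "Port 22\nClientAliveInterval 300\nClientAliveCountMax 3\n"
WEAK_LOGIN_DEFS = "PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n"
HARDENED_LOGIN_DEFS = "PASS_MAX_DAYS\t90\nPASS_MIN_DAYS\t1\n"

if __name__ == "__main__":
    print(check_sshd(WEAK_SSHD), check_sshd(HARDENED_SSHD), check_login_defs(WEAK_LOGIN_DEFS))
```

Point the two checkers at the real files (`/etc/ssh/sshd_config`, `/etc/login.defs`) to audit a host; Remote Desktop timeouts live in Windows Group Policy and are not covered here.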
Maintain a Vulnerability Management Program
When reviewing your infrastructure, or choosing a vendor to provide data center services, make sure you have an all-encompassing managed security solution that covers OS security patches and updates as well as protection against viruses, worms, Trojans and other malware.
Implement Strong Access Control Measures
Managing in-house? Make sure you keep records of data movement on electronic media (we recommend Tripwire log and event monitoring) and maintenance records for any changes to the physical security of the data center facility. Using a third party? Ensure your vendor provides secure facility access with mantraps, biometric readers and card scanners, mandatory escorting of all outside visitors at all times, and strictly enforced facility access limits. Learn more about physical data center security.
While demonstrating compliance with industry regulations can often seem daunting, it shouldn’t take your attention away from running your business. Want to go beyond simply “checking the box” and being more proactive about your compliance? We may be able to help with our managed PCI Compliant Hosting solution.