We are not PCI Compliance consultants. The following is not legal advice and is only intended to be used as a guideline for PCI Compliance. Please consult with a PCI Compliance expert when making your server PCI Compliant.
What is PCI Compliance?
PCI Compliance is a set of security standards defined by the Payment Card Industry Security Standards Council. PCI compliance is designed to secure credit card information stored on your server and thereby prevent credit card fraud.
What are the PCI Compliance Requirements?
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software on all systems commonly affected by malware
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
How does ppSD2 help achieve PCI Compliance?
If you choose to store credit cards using the ppSD2 system, here's how ppSD2 helps you maintain PCI compliance:
- Credit card information is encrypted within the MySQL database. Note that this is two-way encryption, meaning that should a hacker attain your program SALT key, they would be able to decrypt the information,
- Credit card numbers are never visible on the admin control panel or the member control panel.
- Transmission of credit card information requires an SSL connection.
- ppSD2 prevents brute-force login attacks by locking out users and administrators after several failed attempts.
- We provide guides on how to create strong and secure passwords.