PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements for any IT infrastructure that stores, processes or transmits customers' payment card data. The standard is maintained by the Payment Card Industry Security Standards Council and consists of 12 main requirements broken down into roughly 220 sub-requirements (the exact count varies between versions of the standard).
If you are looking to launch an online company store, ask about PCI compliance and cardholder data security before you choose a vendor.
The 12 main PCI DSS requirements are:
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software (protect all systems against malware)
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for all personnel
As you can see, installing an SSL/TLS certificate on your e-commerce website addresses only one of these twelve requirements (encrypting cardholder data in transit) and is simply not enough on its own. Make sure the vendor you select for your online company store is PCI compliant: ask for a current Attestation of Compliance rather than taking the claim at face value, and be clear about which requirements remain your responsibility even when the vendor hosts the store.