How to know if my website is PCI Compliant?

Thursday, 19th November 2009
by Jay

I read a few things about PCI Compliance and how important it is for websites to be PCI compliant. I run an ecommerce business and would like to know how I can tell if my website is compliant.
Vader
Hi Jay,
It is good that you are interested in this as the move towards better security of client data and credit card information is an important one.

The PCI Security Standards Council has issued a priority approach to becoming PCI compliant that I feel best answers your question as it describes the steps, as per the PCI SSC, that need to be taken and the order they feel will make the transition the smoothest for companies. One thing to keep in mind when reading more on PCI Compliance is not to get overwhelmed by the requirements. It's a lot to take in but can be done in stages.

The PCI DSS (Data Security Standard) has identified 6 milestones for its prioritized approach. Below is a list of the goals of each of these.

Prioritized Milestones
=-=-=-=-=-=-=-=-=
1. Remove sensitive authentication data and limit data retention.
2. Protect the perimeter, internal, and wireless networks.
3. Secure payment card applications.
4. Monitor and control access to your systems.
5. Protect stored cardholder data.
6. Finalize remaining compliance efforts, and ensure all controls are in place.

PCI Data Security Standard (PCI DSS) Requirements
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for employees and contractors

So in a nutshell, Jay, the closer you come to satisfying the requirements that apply to your business, the closer your site will be to being fully PCI compliant.

For detailed information on each of the PCI DSS Milestones and Requirements, please review the following PDF created by the PCI Security Standards Council:
https://www.pcisecuritystandards.org/education/docs/Prioritized_Approach_PCI_DSS_1_2.pdf

Vader
Tuesday, 24th November 2009
