PCI Compliance Guidelines
Every merchant who handles customer credit card information is required by the Payment Card Industry (PCI) to conduct business within these guidelines.
- Build and maintain a secure network, and maintain a firewall on the server to protect data.
- Do not use vendor-supplied defaults for system passwords and security parameters.
- Protect stored customer data and encrypt the transmission of cardholder data and other sensitive information across public networks.
- Use and regularly update antivirus software, and develop and maintain secure systems and applications.
- Restrict physical access to customer data, and provide access only to those with business need-to-know.
- Assign each person with computer access a unique ID.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes, and perform a quarterly network vulnerability scan.
- Maintain an Information Security Policy.
- Report to the Payment Card Industry according to the requirements of your merchant level.
Although your Divendo store is hosted in a PCI-compliant, "Tier 1" data center, you should be aware that there are additional requirements which are the responsibility of each merchant.
For small businesses that process fewer than 20,000 credit card transactions per year, the above PCI Compliance guidelines can be considered a set of best practices. If you conduct your online business within these parameters, you will enjoy the satisfaction of knowing that you are doing all within your power to provide your customers with a safe and secure shopping experience.
As your business grows, your PCI reporting requirements will increase in proportion to your merchant level. To learn more, contact the PCI Security Standards Council or the Divendo support desk on 0203 086 9860.