Make Your Business PCI Compliant
You might be wondering how your business can become PCI compliant
By: Steve Jordan
Nov. 27, 2012 08:30 AM
PCI compliance is an absolute must for any commercial entity that is selling products or services over the Internet. It is bound up with the very strict lawful requirements, but there are many other very elementary consumer-based reasons to employ it. Not least of these is the concept of convenience - paying using a credit card is just so much simpler, and it doesn't always necessitate signing up to a website in order to make a transaction. It also hold numerous possibilities for mobile device based transactions.
You might be wondering how your business can become PCI compliant. The term stands for Payment Card Industry and is literally a security measure that can protect online and offline data, no matter the credit card. There have been many high profile leaks of data whereby users have had very sensitive pieces of data stolen. This has only served to highlight the need for measures that ensure secure data transfer as well as storage options that utilise many different levels of security. At Hyve, we take many different measures to ensure that data is embedded behind many layers of protection that can offer you a level of security that breeds faith.
There are 12 detailed requirements for PCI compliance which can be broken down into six or so measures that can help to protect data from theft. The first measure is to install and maintain a firewall. This includes configuring it to the best of your ability and providing adequate program control that allows those programs that need access to the Internet to get through, while also ensuring that all of these programs don't represent a security breach in themselves. The firewall must also not be so wieldy and hefty that it creates a bottleneck in the responsiveness of your system. The second objective to meet is to protect cardholder data usually through an encryption process. SFTP transfer is a method employed by Hyve when large amounts of sensitive data are to be sent over the Internet. It is fully compliant with PCI DSS measures as well as an assortment of other requirements including ISO, FIPS, and HIPAA.
The third objective is to invest in a management program that can test any vulnerabilities in your system. At Hyve we employ an Intrusion Detection System as well as multi-tier architecture to reduce the possibility of a breach. On the Host security layer we also offer Intrusion Prevention Systems as well as Patch Management.
The fourth requirement is to implement access control measures. At Hyve we offer Firewall, VPN, DDos protection as well as secure initial configurations, strong passwords, read/write permissions assigned per user and Private/Public Key encryption. The fifth and sixth measures including maintenance and monitoring of our networks and enforcing a policy that ensures that we continually meet the standards set for information security. Across our dedicated server hosting platform, we are constantly working with the best pieces of technology that are in themselves moving to neutralise emerging threats.
SOA World Latest Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week