New Requirements for Customers Who Accept Credit Cards
Recent new requirements established by the five major credit card networks will most likely affect your company’s ability to accept credit cards. These new standards are referred to as the Payment Card Industry Data Security Standards (PCI-DSS) and were developed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International. Merchants will be required to follow these new standards by July 1, 2010.
Basically, PCI-DSS is a set of requirements for enhancing payment account data security. The requirements include security management, policies, procedures, network architecture, software design and other measures created to protect customer account data.
There are 12 requirements that fall into six categories.
- Build and Maintain a Secure Network: Install and maintain a firewall and use unique, high-security passwords with special care to replace default passwords.
- Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.
- Maintain a Vulnerability Management Program: Use anti-virus and keep it up date. Develop and maintain secure operating systems and payment applications.
- Implement Strong Access Control Measures: Access to cardholder data – both electronic and physical – should be on a “need-to-know” basis. Ensure those people with access have a unique ID and password. Do not share logon information.
- Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.
- Maintain an Information Security Policy: It’s critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it’s disseminated and updated regularly.
For Sage MAS 90 and 200 customers, versions 220.127.116.11 and 18.104.22.168 are in the process of being certified. For Sage MAS 500 customers, version 7.3 will be compliant. In addition, Sage Payment Solutions is a Level 1 credit card service provider and currently is in full compliance.