With the constant threat of security breaches looming over your business, it is more critical now than ever to secure your payment processes and protect your customer account data. Starting is easy: the Payment Card Industry (PCI) Security Council developed a set of 12 comprehensive requirements called the PCI Data Security Standard, or PCI DSS. All merchants must meet the PCI DSS requirements to be in full compliance with their CyberSource Merchant Services Agreement.
All of our merchants must be PCI DSS compliant by July 30th, 2010. Non-compliant merchants shall be charged a fee of $25 per month effective July 30th, 2010. This fee will be applied monthly until you validate your compliance with the PCI DSS. In addition, CyberSource reserves the right to terminate your agreement if you fail to comply with PCI DSS.
To learn more about PCI DSS and how it affects you, please watch our PCI-DSS 101 webinar.
For your convenience, here is the set of 12 requirements developed by the PCI Data Security Council that all merchants must meet in order to be compliant with the PCI DSS. For more information about these requirements, please visit the PCI Security Council website at http://www.pcisecuritystandards.org.
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Trustwave is a leading provider of on-demand information security and compliance management solutions for merchants large and small. Trustwave is both a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the card associations. CyberSource has partnered with Trustwave to help our merchants become PCI DSS compliant. All CyberSource merchants that sign up for Trustwave services will receive a free Organization Validation (OV) SSL Certificate. For more information about Trustwave and how they can help you become PCI DSS compliant, please visit https://pci.trustwave.com/cybersource.