Written on 15 May 2012
PCI Compliance
About
Being PCI Compliant is now a requirement for all eCommerce websites. It is a form of certification to prove that you are consciously keeping on top of any security threats with regard to your customers' credit/debit card data.
How we can help
We have many clients that are required to be PCI Compliant, so it is something that we have dealt with regularly. It is one of those things that can be pretty daunting when you look at everything that needs to be done in order to pass, but we can help you with that.
Below, in the 'Technical' section, is a small list of some of the things that need to happen in order to make your website PCI compliant. Scary, isn't it?
Technical
We have many eCommerce clients that trust TheDevTeam to manage their online presence and data security, so our top priority is to ensure that their transaction and supporter data is kept secure at all times.
We maintain the highest possible standards of data security. We have implemented key international standards of best practice in online and data security, including:
- MasterCard Secure Code (MCSC™)
- Verified by Visa
- Payment Card Industry Data Security Standard
We take an active role in the overall reduction of identity theft and fraud on the internet by ensuring the security of our IT systems, personnel and infrastructure.
Our employees are trained in all aspects of web application security, including infrastructure vulnerabilities, cross-site scripting, secure data storage, and using the software development lifecycle to maintain and improve security.
TheDevTeam has been certified PCI compliant by Security Metrics Inc., a leading provider of Payment Card Industry (PCI) Data Security Standard (DSS) security solutions. Security Metrics Inc. is certified to perform PCI Scans (ASV), PCI audits (QSA), PA-DSS audits, penetration tests and forensic analysis. This means our systems and services comply with the Payment Card Industry Data Security Standard and that we actively protect our customers' identities, personal information and financial details.
Our security efforts are focused on the following areas:
- Mastercard Secure Code
- Verified by VISA
- Transaction Security
- Encryption and Data Storage
- Information Security Responsibilities for all Employees and Contractors
- Dealing with a Security Incident
- Card Security Code (CSC) and Card Verification Value or Code (CVV or CVC)
- Links to Banks
- Employee Access
- Anti-Virus Policies
- Security Patch Policies
- Remote Vendors for Maintenance
- Payment Card Industry (PCI) Data Security Standard Compliance