• Implement Strong Access Control Measures
7) Restrict access to cardholder data by business need-to-know.
8) Assign a unique ID to each person with computer access.
9) Restrict physical access to cardholder data.
• Regularly Monitor and Test Networks
10) Track and monitor all access to network resources and cardholder data.
11) Regularly test security systems and processes.
• Maintain an Information Security Policy
12) Maintain a policy that addresses information security.
To demonstrate compliance, a small-to-medium sized business (Level 4 merchant) must complete the following steps:
• Identify the company’s Validation Type as defined by PCI DSS (see graphic). This is used to determine which Self-Assessment Questionnaire is appropriate for the particular business.
• Complete the Self-Assessment Questionnaire according to the instructions in the Self-Assessment Questionnaire Instructions and Guidelines.
• Complete and obtain evidence of a passing vulnerability scan from a PCI SSC-Approved Scanning Vendor (ASV). Note that scanning does not apply to all merchants. It is required for Validation Types 4 and 5 — those merchants with external-facing IP addresses. In short, if a company electronically stores cardholder information or if its processing systems have any Internet connectivity, a quarterly scan by an approved scanning vendor is required.
Horizon Business Concepts is the first industry business management software program to become compliant under the Payment Card Industry (PCI) Security Council’s new industry security standards...
Horizon Business Concepts software program meets Payment Card Industry (PCI) Security Council's new industry security standards for processing credit cards.