The payment card industry (PCI) mandates PCI compliance for everyone that captures, processes or stores credit card numbers. Card Issuers and processors incur large losses each year resulting from credit card fraud and identity theft from merchants that process credit cards online and on-premises. The Payment Card Industry (PCI) have created stringent data security standards (DSS) for retailers to address this growing problem.
We employ military grade encryption to all critical client and passenger data storage and transmit to our gateways using only approved PCI compliant methods. We also, made the decision in 2010 to adopt the Microsoft Cloud which is a PCI Certified data storage facility. The various certifications and attestation of certification can be accessed here: Azure PCI Attestation of Compliance
FASTTRAK users that have a Cloud or On-Premise application have the capability to process secure credit card payments to a merchant account gateway such as VeriSign (PayPal payflow pro),CBS or eBizCharge, etc... or offline via terminal credit card processing and therefore must comply with the PCI DSS controls and processes. Costly fines have been issued where a breach occurred on the part of the merchant.
There are 12 core requirements for meeting the PCI DSS, divided up into 6 key groups:
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security
It is important to note that while FASTTRAK utilizes multiple layers of encryption to protect you and your customer's personal credit card data and we are an integral part of the chain in obtaining PCI Compliance, the majority of the above rules relate to your local area network in the case of our Windows Cloud on-premise connections and the Microsoft Cloud hosting environment and staff procedures.
The above information relative to PCI Compliance should be used as a guide only and FASTTRAK Technologies, llc makes no warranty of any kind for the correctness or accuracy of this information. The merchant should seek what ever additional advice it considers appropriate.