Any company that accepts credit card payments is held to the standards of the Payment Card Industry Data Security Standard (PCI DSS). If your company intends to accept card payments and store, process, and transmit cardholder data, you need to host your data securely with a PCI-compliant hosting provider. There are a variety of ways this can be accomplished, so we will go through a few of them to give you a better idea of what needs to be done when protecting customer data.

By creating a secure network, you ensure customer data is safe and well hidden from prying eyes. Setting up a firewall configuration to protect cardholder data is the first step. Your hosting provider should have firewalls in place to create a secure, private network. Work with them to gain insight on the matter and create a firewall configuration policy. Also, although it may sound obvious, create your own unique passwords for the system. Keeping default passwords can be dangerous, as these are easy to generate and were created simply as placeholders. Create your own password to make it that much harder for outside forces to get in.

Protect your stored data. This applies to companies that store their cardholder data. Encrypt the transmission of cardholder data across open, public networks. It may sound obvious, but this matters when it comes to identity theft. Encrypted data is unreadable and unusable to an intruder without the proper cryptographic keys. Encryption uses these keys to turn plaintext into ciphertext, which contains information unreadable to those without the cipher or the correct decryption algorithm.

Make sure that there are no weak spots in your system. Use and maintain anti-virus software to protect against the most recent malware. Malware and viruses are constantly being updated, so keeping ahead of the curve is the best way to keep all of your information protected. If your data is being hosted on outsourced servers, a managed server provider is responsible for maintaining a safe environment, which includes generating audit logs. Keep all of your systems secure and well maintained. Using an alert system, you should be able to keep up with newly discovered security vulnerabilities and fix them before they become a problem. The PCI-compliant host provider should be monitoring and updating the system to accommodate any security vulnerabilities, and if not, they should be informed of any changes made so that the proper updates can be implemented.

There should also be strong access measures in place. Limit the number of people who have access to the cardholder data to lessen the chances of a security breach. User accounts with access should follow the best methods to safekeep the data, which means password encryption, authorization, authentication, password updates every month or so, log-in time limits, and so on. Follow all of these and use common sense to make sure your customers are safe in your hands. Be the best they expect you to be.