{"id":2768,"date":"2017-07-13T08:45:32","date_gmt":"2017-07-13T08:45:32","guid":{"rendered":"https:\/\/www.santarosawebsite.com\/websitedesign\/?p=2768"},"modified":"2017-09-07T20:23:28","modified_gmt":"2017-09-07T20:23:28","slug":"2017-pci-compliance","status":"publish","type":"post","link":"https:\/\/businesswebsitecenter.com\/websitedesign\/2017-pci-compliance\/","title":{"rendered":"2017 PCI compliance"},"content":{"rendered":"<p>PCI DSS compliance (or PCS DSS) has become quite complicated and demanding in 2017. You may have received a notification from your merchant account, your payment gateway, your hosting provider, your webmaster, or another party about it. Today, we will review what it all means and the steps you need to take to stay in compliance and be legally protected. Note that this post focuses on website compliance only; there is much more to PCI compliance than that.<\/p>\n<p><strong>What is PCI compliance?<\/strong><\/p>\n<p>PCI DSS stands for Payment Card Industry Data Security Standard. It was established by the Payment Card Industry Security Standards Council. It is a set of specific procedures and policies meant to protect and safeguard your clients\u2019 financial information (their credit card and billing information, for instance) as well as your company or organization. Anyone accepting payments for products or services rendered has to adhere to these rules without exception.<\/p>\n<p>The number of PCI compliance requirements has grown exponentially in the past 24 months due to increased security concerns, especially for websites selling online and accepting credit card payments. Hacking is at an all-time high and, in addition to website security measures, a company or organization accepting payments has to do more to protect its customers\u2019 data. 
So you need not only to protect your website but also to secure your clients\u2019 data online and offline.<\/p>\n<p>For additional details, we encourage you to visit the <a href=\"https:\/\/www.pcisecuritystandards.org\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\"><strong>official PCI compliance website<\/strong><\/span><\/a>.<\/p>\n<p><strong>What are the current requirements?<\/strong><\/p>\n<p>Below are the main requirements as noted by the Payment Card Industry Security Standards Council.<\/p>\n<ul>\n<li>Your website needs a <strong>website firewall<\/strong> to protect credit cardholders\u2019 information. At <strong>Business Website Center<\/strong>, we use SiteLock. The program is installed on your website\u2019s server by either your webmaster, hosting provider, or firewall company. Your merchant should have its own firewall protection; that is the law. And finally, our office computer network should be protected with a firewall.<\/li>\n<li>Once the data is stored in your system or with a 3<sup>rd<\/sup>-party vendor, it needs to be fully protected.<\/li>\n<li>When someone buys something on your site, the transmission of the credit card data between your payment page and your payment gateway (like Authorize.net) must be encrypted. This is done by having an <strong>SSL certificate<\/strong> installed. Typically, you would purchase the SSL certificate directly from your hosting provider. Once installed, it will enable your clients to use https (with an S) instead of http. In addition, you would want your webmaster to force all website traffic to go through https. This means that if a visitor types in http:\/\/yourdomain&#8230;, the page will automatically switch to https. Make sure to confirm that your hosting provider has the <strong>TLS 1.2<\/strong> security protocol enabled on its server. 
Large providers like GoDaddy already have it in place, but not all providers do.<\/li>\n<li><strong>Anti-virus software<\/strong> needs to be installed on your site. Again, we use SiteLock, which scans the website daily for malware and security weaknesses.<\/li>\n<li>You must have a <strong>security policy<\/strong> in place for your website and train staff or whoever manages your website on the required procedures.<\/li>\n<li><strong>Applications<\/strong> on the website need to be kept updated with the latest, most secure version. A good example is WordPress. To be in compliance, you need to have the newest version in place.<\/li>\n<li><strong>Access<\/strong> to online information needs to be fully secured with strong usernames and passwords. We also recommend a CAPTCHA system for the login page as well as a double login if available.<\/li>\n<\/ul>\n<p style=\"text-align: center;margin-bottom:20px;\"><a style=\"background-color: #214e78; padding:10px;color:#fff;font-size:large;\" href=\"http:\/\/sitelockaffiliate.offerit.com\/track\/MjI0LjEuMS4xLjAuMC4wLjAuMC4wLjAuMA\" target=\"_blank\" rel=\"noopener\"><strong>Check out SiteLock Products for PCI Compliance<\/strong><\/a><\/p>\n<p><strong>What should you do next?<\/strong><\/p>\n<p>First, check with your webmaster, your merchant account, and payment gateway (sometimes the gateway and merchant account are one and the same). Ask them if they handle the PCI compliance for your website and hold the responsibility.<\/p>\n<p>There are also many websites now that can verify that you are in compliance. Simply search Google to find who does it and what the cost is. 
A good site is <a href=\"https:\/\/www.ssllabs.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\"><strong>Qualys SSL Labs<\/strong><\/span><\/a>.<\/p>\n<figure id=\"attachment_2795\" aria-describedby=\"caption-attachment-2795\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"petaluma wp-image-2795 size-full\" src=\"https:\/\/www.santarosawebsite.com\/websitedesign\/wp-content\/uploads\/2017\/07\/pcicompliance.jpg\" alt=\"pci compliance 2017\" width=\"400\" height=\"200\" srcset=\"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-content\/uploads\/2017\/07\/pcicompliance.jpg 400w, https:\/\/businesswebsitecenter.com\/websitedesign\/wp-content\/uploads\/2017\/07\/pcicompliance-300x150.jpg 300w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-2795\" class=\"wp-caption-text\">PCI Compliance and Website Data Protection<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>PCI DSS compliance (or PCS DSS) has become quite complicated and demanding in 2017. You may have received a notification from your merchant account, your payment gateway, your hosting provider, your webmaster, or another party about it. 
Today, we will review what it all means and the steps you need to take to stay in compliance [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2792,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,180],"tags":[300,181],"_links":{"self":[{"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/posts\/2768"}],"collection":[{"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/comments?post=2768"}],"version-history":[{"count":9,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/posts\/2768\/revisions"}],"predecessor-version":[{"id":2878,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/posts\/2768\/revisions\/2878"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/media\/2792"}],"wp:attachment":[{"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/media?parent=2768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/categories?post=2768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesswebsitecenter.com\/websitedesign\/wp-json\/wp\/v2\/tags?post=2768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}