|
As an online credit card processor, eWAY is subject to standards
imposed on the industry by major card issuers such as Visa and MasterCard. The Payment
Card Industry (PCI) Data Security Standard (DSS) is a set of guidelines developed
to help organisations that process card payments prevent credit card fraud, hacking
and various other security issues. A company processing, storing, or transmitting
credit card numbers must be PCI DSS compliant or they risk losing the ability to
process credit card payments.
|
The PCI DSS, a set of comprehensive requirements for enhancing payment data security,
was developed by the founding payment brands of the Payment Card Industry Security Standards Council,
including American Express, JCB, MasterCard and Visa, to encourage the broad adoption
of consistent data security measures around the world.
|
|
The PCI DSS is a security standard that includes requirements for security management,
policies, procedures, network architecture, software design and other critical protective
measures. This comprehensive standard is intended to assist organisations proactively
protect their customer's information.
The core of the PCI DSS is a set of principles and accompanying requirements, around
which the specific elements of the DSS are organised:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder
data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other
security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder
data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Service Providers such as eWAY must validate compliance with an
audit by a PCI DSS Qualified Security Assessor (QSA) Company each year. eWAY’s
PCI DSS Audit is conducted by a third party, Securus Global, a certified QSA and QPASC under the
Payment Card Industry Data Security Standard Program.
View eWAY’s PCI DSS Compliance Certificate
|