Our sites are designed to make it as easy as possible to meet the requirements for PCI DSS certification. They never store credit card numbers of any kind. If credit card information is collected on your website, it is sent immediately to your payment gateway. Your WordPress site stores only the information you need in order to fulfill your orders, such as the names and quantities of the products purchased and where to ship them.
The PCI DSS Security Standard has 12 requirements, listed below, that you must meet to be compliant. It’s up to you as a merchant to observe all of them. We can assist you with the technical details. Please consult with a QSA if you have additional questions about how the PCI requirements apply to your environment.
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data.
Firewall configuration is part of your web hosting environment and can be accommodated. Our systems do not store credit card numbers, expiration dates, or CVV2 codes.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Be sure to change your MySQL and WordPress passwords from the defaults set when you first install the software. It is also a good idea to change the WordPress administrator username to something other than "admin".
Protect Cardholder Data
3. Protect stored cardholder data
Our solutions do not store credit card numbers, expiration dates, or CVV2 security codes.
4. Encrypt transmission of cardholder data across open, public networks
If you ask your customers to enter their credit card information on your website, you must install an SSL certificate and make sure it is always active whenever credit card information is transmitted from your website to your payment gateway.
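As an added example (not part of this page or the hosting provider's tooling), the following Python check parses a checkout page and flags any form that collects card fields but would submit them, or is itself served, without HTTPS. The card field names and the sample HTML are constructed assumptions.

```python
"""Flag card-entry forms on a checkout page that would not use TLS
(PCI DSS requirement 4). Added example; sample HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed field names a checkout form might use for card data.
CARD_FIELDS = {"card_number", "cc_number", "cardnumber",
               "cvv", "cvc", "cvv2", "exp_month", "expiry"}


class FormScanner(HTMLParser):
    """Collect (absolute action URL, set of input names) per <form>."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = (action, set())
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            if name:
                self._current[1].add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_card_forms(page_url, html):
    """Return action URLs of card forms served or submitted over plain HTTP."""
    scanner = FormScanner(page_url)
    scanner.feed(html)
    page_https = urlparse(page_url).scheme == "https"
    return [action for action, fields in scanner.forms
            if fields & CARD_FIELDS
            and (not page_https or urlparse(action).scheme != "https")]


SAMPLE_HTML = """<html><body>
<form action="http://checkout.example/pay" method="post">
 <input name="card_number"><input name="cvv2"><input name="exp_month"></form>
<form action="https://gateway.example/charge" method="post">
 <input name="cc_number"><input name="cvc"></form>
<form action="/newsletter" method="post"><input name="email"></form>
</body></html>"""

if __name__ == "__main__":
    for url in insecure_card_forms("https://shop.example/checkout", SAMPLE_HTML):
        print("card data would be sent without TLS:", url)
```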
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
This is outside of our scope and is the responsibility of the merchant site owner.
6. Develop and maintain secure systems and applications
This is outside of our scope and is the responsibility of the merchant site owner.
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
Our solutions do not store any credit card numbers, expiration dates, or CVV2 codes. The order information is protected by the WordPress account system. It is the responsibility of the merchant to protect the account information for both the WordPress website and any payment gateway accounts.
8. Assign a unique ID to each person with computer access
This is outside of our scope and is the responsibility of the merchant site owner.
9. Restrict physical access to cardholder data
It is the responsibility of the merchant site owner to ensure that the hosting facility has policies in place to restrict physical access to their servers.
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
This is outside of our scope and is the responsibility of the merchant site owner.
11. Regularly test security systems and processes
This is outside of our scope and is the responsibility of the merchant site owner.
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
This is outside of our scope and is the responsibility of the merchant site owner.