If your business accepts, stores, or transmits payment card data, then you need to understand the importance of Payment Card Industry (PCI) compliance. The PCI Data Security Standard was implemented about a decade ago as a means of protecting businesses and their customers against payment card theft and fraud.
The PCI standards pertain to businesses of all types and sizes. There are six PCI standard versions, with each version determined by the size of the organization’s customer/beneficiary base. PCI compliance certification is now a requirement for any company that manages cardholder data for major credit card brands such as MasterCard, Visa, and Discover.
What Are the Standards for Building and Maintaining a Secure Network?
The PCI Security Standards Council has developed and instituted a set of 12 standards consisting of technical and operational requirements for building and maintaining a secure payment card handling network. These requirements include:
- Installing and maintaining a firewall and router configuration to protect cardholder data — A firewall will control the data flow into and out of sensitive areas within your computer network.
- Refusing to use vendor-supplied defaults for system passwords and other security parameters — Failing to change default passwords is the equivalent of sending an open invitation to hackers, so be sure to change them prior to installing any system on your network.
- Protecting stored cardholder data — Avoid storing sensitive cardholder data from the card’s magnetic stripe, and be sure to render the primary account number (PAN) unreadable.
- Encrypting transmission of cardholder data across open, public networks — Encryption will render cardholder data transmitted over public networks unreadable by unauthorized personnel.
- Using and regularly updating anti-virus software or programs — Install anti-virus software on all systems to protect them against viruses and other malicious threats.
- Developing and maintaining secure systems and applications — Installing vendor-supplied security patches on a regular basis can minimize many system vulnerabilities.
- Restricting access to cardholder data by business need-to-know — Implement processes to ensure that cardholder data can only be accessed by individuals within your organization who have a genuine need to know.
- Assigning a unique ID to each person with computer access — All individuals with computer access should have their own unique ID, so all activities involving critical systems and data can easily be traced.
- Restricting physical access to cardholder data — Implement appropriate facility entry controls and other security procedures to keep unauthorized personnel away from systems that handle cardholder data.
- Tracking and monitoring all access to network resources and cardholder data — Employ logging mechanisms to help track and monitor user activities.
- Regularly testing security systems and processes — Routinely test all security controls, particularly in the wake of environmental changes such as installing new software or updating system configurations.
- Maintaining a policy that addresses information security for employees and contractors — Be sure that all security policies and procedures clearly identify information security procedures for contractors as well as your staff.
SecureDrawer Can Help You Fulfill Your PCI Compliance Requirements
Client sharing portals are an important component of a PCI-compliant computer network infrastructure. SecureDrawer from eFileCabinet is a user-friendly infrastructure management tool that allows you to share files containing sensitive cardholder data safely and securely. Using SecureDrawer in tandem with our flagship products provides a fully integrated document management system that can help you create an efficient, secure, paperless office environment.
Key Features of the SecureDrawer Client Sharing Portal
SecureDrawer is an effective applications management tool for the secure transmission of electronic data, an important component of PCI compliance. Here’s a brief overview of the numerous SecureDrawer features and benefits:
- No more snail mail or email attachments — SecureDrawer offers a much faster and safer means of sharing sensitive documents with customers or colleagues than old-fashioned email attachments or snail mail.
- Built-in data encryption — Our secure infrastructure management tool features SSL/TLS encryption for all data transmitted between your computers and data servers. All documents are automatically encrypted when uploaded or downloaded.
- Established user groups — SecureDrawer enables you to create designated user groups to help prevent unauthorized users from accessing sensitive data.
- Tamper-proof audit log — SecureDrawer provides a tamper-proof audit log, so you can easily trace all user activity regarding every document or transaction.
- Easy to use — We’ve designed SecureDrawer with a simple, user-friendly interface. Just a few clicks of a mouse enable you to securely share documents. The drag-and-drop functionality makes it easy to move documents between folder locations.
Is Your Business PCI-Compliant?
Make sure you’re doing everything possible to ensure the PCI compliance of your business. Contact eFileCabinet today to learn more about the PCI compliance standards and how they impact your company. You can also try our SecureDrawer client sharing portal for free by taking advantage of our no-risk, no-obligation 14-day trial offer.