A Review of the New Credit Card Processing Requirements
Credit card fraud has been a serious issue for some time now, fueled in part by the high volume of Web-based credit card transactions. According to the Privacy Rights Clearinghouse, more than 100 million records containing sensitive information have been exposed to theft since 2005. To safeguard sensitive information, effective July 2010, all organizations processing credit card data must comply with the new Payment Card Industry Data Security Standard (PCI-DSS) or risk being fined by their credit card processor. Here we provide a brief overview of the PCI-DSS requirements.
12 PCI-DSS Requirements
All businesses processing credit cards are required to comply with the 12 PCI-DSS requirements below:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters. Use strong system passwords.
- Protect stored cardholder data using programming methods such as encryption, truncation, masking, and hashing.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications. When a software vendor, such as Microsoft, issues a security patch, it must be installed promptly.
- Restrict access to cardholder data to those who need it to complete their job responsibilities.
- Assign a unique ID to each person with access to your computer or network.
- Secure hard copies of credit card information in a restricted access location.
- Track and monitor all access to network resources and cardholder data.
- Test your security systems and processes on a regular basis.
- Maintain a written company policy that addresses information security.
Sage ERP Accpac Credit Card Data Scrub Utility
To assist customers in complying with PCI-DSS by removing credit card data from Sage ERP Accpac, a Credit Card Data Scrub Utility has been developed. The utility is compatible with all supported versions of Sage ERP Accpac, including Versions 5.4, 5.5, and 5.6, and addresses all Order Entry, Accounts Receivable, Accounts Payable, and Bank Services records that contain credit card information.
An option is provided to export the credit card information. In this case, a password will be required to protect/encrypt the exported data file. The password will not be stored by Sage ERP Accpac, and Sage will not have the ability to extract it at a later date. You must run the utility separately for each company that contains credit card information. Make certain to back up all company databases before running the utility.
Once you have completed running the Scrub Utility, you will be able to complete the required Self-Assessment Questionnaire, stating that you do not store credit card information in your payment application.
For more information on PCI Compliance, please visit: http://www.sageaccpacinfo.com/PCI/