A Review of the New Credit Card Processing Requirements

By: | Category:

Credit card fraud has been a serious issue for some time now, fueled in part by the high volume of Web-based credit card transactions. According to the Privacy Rights Clearinghouse, more than 100 million records containing sensitive information have been exposed to theft since 2005. To safeguard sensitive information, effective July 2010, all organizations processing credit card data must comply with the new Payment Card Industry Data Security Standard (PCI- DSS) or risk being fined by their credit card processor. Here we provide a brief overview of the PCI-DSS requirements.

12 PCI-DSS Requirements
All businesses processing credit cards are required to comply to the 12 components of PCI-DSS requirements below:

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters. Use strong system passwords.
  • Protect stored cardholder data using programming methods such as encryption, truncation, masking, and hashing.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications. When a software vendor, such as Microsoft, issues a security patch, it must be installed promptly.
  • Restrict access to cardholder data to those who need it to complete their job responsibilities.
  • Assign a unique ID to each person with access to your computer or network.
  • Secure hard copies of credit card information in a restricted access location.
  • Track and monitor all access to network resources and cardholder data.
  • Test your security systems and processes on a regular basis.
  • Maintain a written company policy that addresses information security.

Sage ERP Accpac Credit Card Data Scrub Utility
To assist customers in complying with PCI-DSS by removing credit card data from Sage ERP Accpac, a Credit Card Data Scrub Utility has been developed. The utility is compatible with all supported versions of Sage ERP Accpac, including Versions 5.4, 5.5, and 5.6, and addresses all Order Entry, Accounts Receivable, Accounts Payable, and Bank Services records that contain credit card information.

An option is provided to export the credit card information. In this case a password will be required to protect/encrypt the exported data file. The password will not be stored by Sage ERP Accpac and Sage will not have the ability to extract it at a later date. You must run the utility separately for each company that contains credit card information. Make certain to backup all company databases before running the utility.

Once you have completed running the Scrub Utility you will be able to complete the required Self-Assessment Questionnaire, stating that you do not store credit card information in your payment application.

For more information on PCI Compliance, please visit: http://www.sageaccpacinfo.com/PCI/

Other Posts You May Like

The Sage Migration Journey: Sage ERP On-Premise Users Embrace the Power of Sage Intacct

Why the buzz? What’s propelling this shift from Sage ERP legacy on-premises to Sage Intacct, Sage’s next generation Cloud ERP /accounting system? In this on-demand session we unravel the reasons fueling legacy Sage ERP users to migrate to Sage Intacct,…

Net at Work Has a New Updated and Enhanced Sage 300 Help Desk Process

Over the past 6 months, Net at Work has been transitioning our Sage 300 support systems to a partnership-oriented service.  We want to be your ally and teammate for all your business needs.  And we want you to be able to reach…

Sage 300 Security Alert: Updates That May Affect Use of Sage 300 – OAuth and TLS

Sage recently sent an email (see it at the bottom of this thread) where they announced two important items that may directly impact your company’s ability to work within the Sage 300 product. For your convenience, we have highlighted the…

   Sage 300 ERP