Making Sure Your Site's SSL Certificate Is PCI Compliant

Guest post

The Payment Card Industry Security Standards Council was formed by several card providers (American Express, Visa and MasterCard among them) to formalise a set of standards known as the Payment Card Industry Digital Security Standards. These standards exist to ensure that companies taking card payments online comply with a common set of security policies. Using SSL is covered by one of the twelve requirements set out in the Digital Security Standards. Although the standards do not explicitly require Extended Validation for your digital certificate, choosing it is a worthwhile step towards earning your customers' trust.

Once your company is compliant and fulfils all twelve requirements of the standards, you can apply for a qualification assessment and be accepted as a Payment Card Industry compliant company, at which point you receive a certification. After certification, your organisation must review its security compliance regularly to ensure its standards remain high.

The twelve regulations involve setting up and maintaining a strong firewall to protect cardholder data; not using default passwords on any system; protecting (and encrypting) stored cardholder data; encrypting transmission across open networks (i.e. using SSL); using up-to-date antivirus software; developing secure applications; restricting physical and virtual access to cardholder data; auditing, tracking and monitoring network resources; testing security systems and processes regularly; and maintaining a sound security policy.

Making sure you have a strong SSL certificate (128-bit minimum) is one of these standards. Make sure that visitors are never asked to enter cardholder information while the connection is not secure (i.e. while they are not on the https:// protocol). Also, use a trusted certificate authority such as Symantec. Following these standards and becoming PCI compliant adds another facet of trust to your business, as customers can check that you are compliant, if they wish, by visiting the PCI website.
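To turn the three checks above (128-bit minimum, no card entry outside https://, a certificate that chains to a trusted CA) into something you can run against your own site, here is an added Python example that is not part of the original post: `assess_tls` grades a negotiated session, `probe` runs that check live against a host, and `insecure_card_forms` flags payment forms that would submit over plain HTTP. The cardholder field names and the `example.test` hostnames are assumptions made for the example.

```python
import socket
import ssl
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Input names treated as cardholder data (an assumption of this example; match your own forms).
CARD_FIELDS = {"cardnumber", "card_number", "pan", "cvv", "cvc", "expiry"}
# Protocols no longer accepted as strong cryptography (PCI DSS retired SSL and early TLS in 2018).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def assess_tls(cipher, protocol, cert_verified):
    """Findings for one session; cipher is ssl.SSLSocket.cipher()'s (name, version, bits) tuple."""
    name, _, bits = cipher
    findings = []
    if bits < 128:
        findings.append(f"cipher {name} uses only {bits}-bit keys (128-bit minimum)")
    if protocol in LEGACY_PROTOCOLS:
        findings.append(f"{protocol} is a retired protocol; require TLS 1.2 or later")
    if not cert_verified:
        findings.append("certificate chain does not validate against a trusted CA")
    return findings

def probe(host, port=443):
    """Live check: connect with chain and hostname verification on, then assess the session."""
    ctx = ssl.create_default_context()  # verifies against the system's trusted CA store
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return assess_tls(tls.cipher(), tls.version(), True)
    except ssl.SSLCertVerificationError:
        return ["certificate chain does not validate against a trusted CA"]

class _FormScanner(HTMLParser):
    """Collect [action, {lower-cased input names}] for each <form> on the page."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action", ""), set()])
        elif tag == "input" and self.forms:
            self.forms[-1][1].add((a.get("name") or "").lower())

def insecure_card_forms(html, page_url):
    """Submit URLs that would carry cardholder data over plain HTTP."""
    scanner = _FormScanner()
    scanner.feed(html)
    # Relative actions inherit the page's own scheme, so a form on an http:// page fails too.
    return [urljoin(page_url, action) for action, fields in scanner.forms
            if fields & CARD_FIELDS and urlsplit(urljoin(page_url, action)).scheme != "https"]
```

Run `probe("your-shop-hostname")` from a machine with a current CA store; an empty list means the session met all three checks.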
