Level 4 PCI Compliance
The following are our statements of how we follow the requirements of PCI Level 4 Compliance:
- Build and Maintain a Secure Network
  - We install and maintain a firewall configuration to protect cardholder data.
  - We do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect Cardholder Data
  - We protect stored cardholder data through encryption.
  - We encrypt transmission of cardholder data across open, public networks.
- Maintain a Vulnerability Management Program
  - We use and regularly update anti-virus software on our development machines.
  - We develop and maintain secure systems and applications.
- Implement Strong Access Control Measures
  - We restrict access to cardholder data by business need-to-know.
  - We assign a unique ID to each person with computer access.
  - We restrict physical access to cardholder data.
  - We do not store cardholder account numbers in our database, nor can we even view them, since we only send them to the Gateway (TransNational, Authorize.Net or Sage Vault).
- Regularly Monitor and Test Networks
  - We track and monitor all access to network resources and cardholder data.
  - We regularly test security systems and processes.
- Maintain an Information Security Policy
  - We maintain a privacy policy that addresses information security.