PCI DSS (Payment Card Industry Data Security Standards) is a set of strict, comprehensive requirements (applicable to systems and processes) created by the card issuers, intended to ensure and regulate the security of sensitive payment card data. Any company processing, storing or transmitting payment card data must comply with these PCI standards.

As a Payment Processor and Service Provider, Card Access Services operates sophisticated systems and employs processes to secure payment card data during transmission and storage, so that our customers are protected at all times from fraudulent activities and attacks, in accordance with PCI DSS.

System scans, penetration testing and annual onsite PCI audits are performed by Trustwave. Trustwave is an independent Qualified Security Assessor (QSA) certified by the PCI Security Standards Council to assess compliance with PCI DSS.
Staff Recruitment Processes and Background Checks

All staff within Card Access Services are scanned and background checked. They are required to enter into an employee agreement that protects privacy, confidentiality and intellectual property.
These processes include national police record checks and financial background enquiries.
PCI DSS Requirements

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security