Merchants running Magento Open Source have to meet a range of privacy and security requirements that satisfy legal obligations and industry guidelines for online merchants. Depending on your location, some are mandated by the Payment Card Industry (PCI) and others are required by law.
- Legal Requirements
- Industry Guidelines
- Best Practices
In this article, we provide some information about PCI compliance and the importance of putting techniques in place to secure payment data.
PCI Compliance Guidelines
The Payment Card Industry (PCI) has established a checklist of prerequisites for accepting credit card payments online. Any merchant who can access customer credit card data must meet the following guidelines to maintain a secure server environment:
- Install and maintain a firewall configuration to protect cardholder information.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder information.
- Encrypt transmission of cardholder information across open, public networks.
- Install and regularly update antivirus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder information to those with a business need to know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder information.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
As your business grows, you may need to file an annual compliance report. PCI reporting requirements increase in proportion to merchant level. The annual compliance report is required for businesses that process more than 20000 credit card transactions per year.