Credit card fraud and data theft aren’t new concepts for online vendors. It seems like even as eRetailers get more savvy at protecting themselves, information thieves get a little bit sneakier and a lot smarter.
Because personal and credit card data can be used in incredibly damaging ways when in the wrong hands, all of our fulfillment vendors are required to adhere to PCI Security Standards Council requirements.
This way we can do everything possible to protect ourselves, our merchants and their customers from being part of this unwanted and nefarious activity.
PCI Compliance Requirements That Affect Your Company
The Payment Card Industry Security Standards Council is in charge of administering data security programs meant to protect credit card information. These originate from five major credit card companies, including:
- Visa’s Cardholder Information Security Program
- MasterCard’s Site Data Protection
- Discover’s Information Security and Compliance
The PCI Data Security Standard (PCI DSS) applies to all companies that accept credit and debit cards as payment methods. It doesn’t matter if your company stores that data or not, you’re expected to achieve and maintain PCI DSS compliance.
PCI & Your 3PL
PCI DSS Mandated Requirements
In order to continue to maintain our PCI DSS-compliant status, we have a lot of rules to follow and plenty of steps we have to continually review in order to give your data the care it really needs.
These may seem like a lot of bureaucratic headaches, but the truth is that each of the PCI DSS requirements are meant to increase data security and protect your customers.
The PCI DSS requirements that ShipWizard are held to are listed below:
- Install and maintain a firewall configuration to protect cardholder data
- Avoid vendor-supplied defaults for system passwords and other security parameters
- Protect stored data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Test security systems and processes regularly
- Maintain a policy that addresses information security
Reducing your losses to credit card fraud, as well as protecting your customers’ data, are why we work so hard to maintain our end of PCI DSS compliance. Even though your shoppers will never know how much you’re doing for them behind the curtain, they will know that they can trust you with their credit card information. That means a lot in a world where it seems like data breaches have become the norm.