PCI Compliance in Fulfillment Services
These are just a few ways PCI DSS is applied here at ShipWizard:
- All transmissions of cardholder data across open public networks are encrypted. That means that, for example, transmitting shopping cart information to our warehouse management system (WMS) has to be done securely.Every fulfillment order file from our clients are protected with encryption.
- Logs of anyone who has looked at the data in question, along with all employees who would have access to it, are generated with granular detail. Because so many data breaches originate with employees, it’s vital that we know who has been accessing data in our facilities.Our security logs are PCI DSS compliant and every one of our employees has had a background check.
- Cardholder data is closely restricted. Not only is data tightly encrypted in our WMS, it’s regularly purged and each user that has accessed this secure data is recorded on an access log that can be reviewed if there is any suspicious activity.
It’s good to know that your 3PL has invested in the technology needed to keep everyone’s data safe.
PCI DSS Mandated Requirements
In order to continue to maintain our PCI DSS-compliant status, we have a lot of rules to follow and plenty of steps we have to continually review in order to give your data the care it really needs.
These may seem like a lot of bureaucratic headaches, but the truth is that each of the PCI DSS requirements are meant to increase data security and protect your customers.
The PCI DSS requirements that ShipWizard are held to are listed below:
- Install and maintain a firewall configuration to protect cardholder data
- Avoid vendor-supplied defaults for system passwords and other security parameters
- Protect stored data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data
- Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Test security systems and processes regularly
- Maintain a policy that addresses information security
Reducing your losses to credit card fraud, as well as protecting your customers’ data, are why we work so hard to maintain our end of PCI DSS compliance. Even though your shoppers will never know how much you’re doing for them behind the curtain, they will know that they can trust you with their credit card information. That means a lot in a world where it seems like data breaches have become the norm.