IVR Technology Group

12 Step PCI Compliance Checklist To Protect Customer Payment Data

Your company has many options for accepting payment, but some of them carry far more risk than others. Whichever solution you offer, it should adhere to the PCI DSS requirements. According to Verizon’s 2015 PCI Compliance Report, 80% of all businesses could not pass a PCI compliance checklist.

Keeping Customer Payment Data Safe

The report also stated that 69% of customers would not conduct business with a company that has been subject to a data breach. Does your business store, process, or transmit cardholder data? Then your company needs to keep that information from falling into the wrong hands. Following the 12 practices of the PCI compliance checklist can help keep customers’ data safe.

Build and Maintain a Secure Network

Requirement 1: To protect cardholder data, install and maintain a firewall configuration.
A firewall acts as a filter between a business’s network and the rest of the Internet. It also separates the systems that hold cardholder information from the rest of your network. PCI DSS requires that firewall and network router configurations are tested regularly, at least every six months.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Finding a default password is easy: it is just a matter of looking up the brand name of the device online and searching for its default password. To keep unauthorized parties away from data, PCI DSS requires that vendor-supplied passwords are changed immediately.

Protect Cardholder Data

Requirement 3: Stored cardholder data must be protected.
PCI DSS requires stored cardholder data to be protected at every level. This covers how stored cardholder data is documented and protected, as well as how it is rendered unreadable, using encryption, masking, hashing, and truncation.

Requirement 4: Encrypt transmission of cardholder data across open, public networks
Public networks are not remotely secure and are susceptible to interception. Only systems that implement strong cryptography and security protocols should transfer cardholder data. Likewise, wireless networks that transmit cardholder data must protect that transmission with robust encryption.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software or programs
This requires the deployment of anti-virus software on computers that access the network. The software must be capable of protecting computers from viruses and malware, as well as detecting and removing all known types of malicious software.

Requirement 6: Develop and maintain secure systems and applications
Regularly update anti-virus software and other system software. This prevents malicious individuals or malicious software from compromising data.

Implement Strong Access Control Measures

Requirement 7: Limit access to a system component and cardholder data to only those individuals whose job requires such access
The fewer people who have access to card data, the easier it is to keep that data within PCI DSS standards. To put it another way, cardholder data is a valuable asset, so PCI DSS works to prevent unauthorized access to it.

Requirement 8: Assign a unique ID
Before all network users can access the system, they must log into it with an assigned unique ID. This helps to record when a user accesses cardholder information.

Requirement 9: Restrict physical access to cardholder data
To protect stored cardholder data, unauthorized personnel and visitors should not be able to access the systems or locations where it is stored. Furthermore, upon termination, all keys and access cards should be returned or disabled.

Regularly Monitor and Test Network

Requirement 10: Track and monitor all access to network resources and cardholder data
When an authorized user accesses the system, log and track all of their actions. This creates a record of who accessed what, and when. Review these logs daily and retain the audit trail for at least a year.
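As an added example (not code from the original post or from IVR Technology Group), the following Python ties Requirement 3 to Requirement 10: it shows the masking, truncation and keyed-hash forms of a card number, and a log-review helper that flags any Luhn-valid card number written to a log in cleartext, since an unprotected PAN in a log file is itself a storage failure. The log lines, the card test numbers and the HMAC key are constructed for the demonstration.

```python
import hashlib
import hmac
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; filters out order numbers and timestamps that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits are visible."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def truncate_pan(pan: str) -> str:
    """Storage form when the full PAN is not needed: keep only the last four digits."""
    return pan[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): a plain hash could be brute-forced over the small PAN space."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def find_cleartext_pans(log_lines):
    """Return (line_number, masked_pan) for every Luhn-valid PAN found in cleartext."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits):
                hits.append((n, mask_pan(digits)))
    return hits


# Constructed sample log: lines 2 and 3 leak PANs; line 4 is a non-card 13-digit order id.
SAMPLE_LOG = [
    "2021-03-01 09:12:44 user=jsmith action=view record=cust-4417",
    "2021-03-01 09:13:02 user=jsmith action=charge pan=4111111111111111 amount=25.00",
    "2021-03-01 09:14:10 user=batch action=export pan=5500 0000 0000 0004 status=ok",
    "2021-03-01 09:15:00 user=jsmith action=view order=1234567890123",
]

if __name__ == "__main__":
    for line_no, masked in find_cleartext_pans(SAMPLE_LOG):
        print(f"line {line_no}: cleartext PAN found, masked form {masked}")
```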

Requirement 11: Regularly test security systems and processes
Test the system regularly to confirm that PCI DSS compliant security controls are in place. Run network vulnerability scans on a quarterly basis. Machines on the system that have been upgraded or modified must also be tested.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel
Establish a security policy that adheres to PCI compliance, then communicate it to all staff, regardless of whether they are authorized to access cardholder information. Review and update this policy on a regular basis.

Firewalls and access cards are an excellent investment for your company, yet they are only as good as your security team. Educate and test employees on proper procedure. Regular software updates will also keep data safe.

Ready To Get Secure?

IVR Technology built our phone payment solution, Compass Pay, with data security in mind. In fact, we recently achieved PCI Level 1 compliance, the highest level of security compliance that a service provider can receive. You can check out the official checklist on the PCI Security Standards website.

© 2021 · IVR Technology Group, LLC · all rights reserved