Unified Business Services recognizes the importance of data security to protect our merchants and their customers. In accordance with the PCI DSS (Payment Card Industry Data Security Standard), Unified Business Services is a Level 1 PCI Compliant Service Provider.
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements applicable to any business that processes credit cards. The PCI Council was founded by major card brands including Visa, MasterCard, Discover and American Express to create a set of technical requirements for data security. Those requirements address six main goals of card data security.
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Your Compliance Responsibilities:
Although Unified Business Services securely processes and stores card data for you, you will still need to complete PCI’s annual Self-Assessment Questionnaire (SAQ). You can find the SAQ and instructions on the PCI website at www.pcisecuritystandards.org.
Below are examples of items a merchant compliance assessment will check for:
- Use of an up-to-date firewall between any public network (such as free Wi-Fi) and any network over which cardholder data is transmitted.
- Any cardholder data stored on file must be protected with a strong encryption system.
- The transmission of cardholder data between your business and your processor must be protected with strong encryption.
- Antivirus software must be installed and kept up to date on all machines dealing with cardholder data.
- Vendor-supplied passwords that come with network equipment or hardware devices used in payment processing must be replaced with new passwords.
- Vendor-supplied security patches for hardware and software devices must be kept up to date.
- Each user accessing or processing cardholder data should be given a unique identification for accountability.
- Physical access to terminals, computers or other hardware with access to the cardholder information or processing systems should be restricted and access should be actively monitored.
- All employees should stay informed of security policies concerning cardholder transactions.