Unified Business Services recognizes the importance of data security to protect our merchants and their customers. In accordance with the PCI DSS (payment card industry data security standards), Unified Business Services is a Level 1 PCI Compliant Service Provider.
Your Compliance Responsibilities:
Although Unified Business Services securely processes and stores card data for you, you will still need to complete PCI’s annual Self-Assessment Questionnaire (SAQ). You can find the SAQ and instructions on the PCI website at www.pcisecuritystandards.org.
Below is an example of some of the items a merchant compliance assessment will check for:
- The use of an up to date firewall between any public network (like free wifi) and the transmission of cardholder data over it or a related network.
- Any cardholder data stored on file must be protected with a strong encryption system.
- The transmission of cardholder data between your business and your processor must be protected with a strong encryption.
- Antivirus software must be installed and kept up to date on all machines dealing with cardholder data.
- Vendor-supplied passwords that come with network equipment or hardware devices used in payment processing must be replaced with new passwords.
- Vendor-supplied security patches for hardware and software devices must be kept up to date.
- Each user accessing or processing cardholder data should be given a unique identification for accountability.
- Physical access to terminals, computers or other hardware with access to the cardholder information or processing systems should be restricted and access should be actively monitored.
- All employees should stay informed of security policies concerning cardholder transactions.