PCI Data Security Standard
The Payment Card Industry (PCI) Data Security Standard is an industry-wide collaboration to create a single, comprehensive set of data security guidelines.
PCI combines American Express's Data Security Operating Policy (DSOP), Discover's Information Security and Compliance (ISC), MasterCard's Site Data Protection (SDP), and Visa's Cardholder Information Security Program (CISP) security standards into one. Other payment card companies endorse this standard within their respective security programs.
For merchants, adherence to the PCI standard means they must:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Auric Systems International has created a companion web site (www.PCIstandard.com) containing in-depth PCI information for our merchants.
Auric builds payment card transaction software designed for use in PCI-compliant enterprises. Security is an ongoing process, and Auric continues to improve our full compliance with Visa's Payment Application Best Practices guidelines, which are derived from the PCI standard. Auric continues to provide software security features and information to support our merchants' ability to comply with PCI requirements.
The current Payment Application Best Practices documentation for Trevance, CreditNow! and CN!Express is available for immediate download.
The goal of the Visa Payment Application Best Practices (PABP) program is to guide developers in the creation of secure applications.
Secure application development follows Payment Application Best Practices, including:
- Do not retain full magnetic stripe or CVV2 data
- Protect stored data
- Provide secure password features
- Log application activity
- Protect wireless transmissions
- Test applications to address vulnerabilities
- Implement secure network communication
- Never store cardholder data on a server connected to the Internet
- Facilitate secure remote software updates
- Facilitate secure remote access to application
- Encrypt all non-console administrative access
- Encrypt sensitive traffic over public networks
Free PCI Compliance Scans
Auric has partnered with ScanAlert, Inc. to provide our merchants with one full year of FREE PCI Compliance scans. Our partnership provides significant discounts on additional ScanAlert services. This is a full-service PCI compliance program from the world's largest web site security certification company. Use ScanAlert's tutorials, self-assessment "Wizard" and unlimited technical support to successfully complete the program within a few hours of enrollment.
This $149 per year program is available free when you sign up with ScanAlert from the Auric web site. (Years 2 through 4 are available for $19.00/year.)
We already use the ScanAlert PCI Web compliance service on several of our web sites and can attest to the comprehensive utility of this service.
