The Payment Card Industry (PCI) Data Security Standard is an industry-wide
collaboration to create a single, comprehensive set of data security guidelines.
PCI combines American Express's Data Security Operating Policy (DSOP), Discover's
Information Security and Compliance (ISC), MasterCard's Site Data Protection (SDP), and
Visa's Cardholder Information Security Program (CISP) security standards into one. Other
payment card companies endorse this standard within their respective security programs.
For merchants, adherence to the PCI standard means they must:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Auric Systems International has created a companion web site
(www.PCIstandard.com)
containing in-depth PCI information for our merchants.
Auric builds payment card transaction software designed for use in PCI compliant
enterprises. Security is an on-going process, and Auric continues to improve our
full compliance with Visa's Payment Application Best Practices guidelines which
are derived from the PCI standard. Auric continues to provide software security
features and information to support our merchant's ability to comply with PCI requirements.
The current Payment Application Best Practices documentation
for Trevance, CreditNow! and CN!Express are available for immediate download.
The goal of the Visa Payment Application Best Practices (PABP) program is to guide developers
in the creation of secure applications.
Secure application development follows Payment Application Best Practices, including:
- Do not retain full magnetic stripe or CVV2 data
- Protect stored data
- Provide secure password features
- Log application activity
- Protect wireless transmissions
- Test applications to address vulnerabilities
- Implement secure network communication
- Never store cardholder data on a server connected to the Internet
- Facilitate secure remote software updates
- Facilitate secure remote access to application
- Encrypt all non-console administrative access
- Encrypt sensitive traffic over public networks
Free PCI Compliance Scans
Auric has partnered with
McAfee Secure®
to provide our merchants with one full year of
FREE PCI Compliance scans. Our partnership provides significant discounts on additional McAfee Secure
services.
This is a full service PCI compliance program—from the world's largest web site security
certification company. Use McAfee Secure
tutorials, self-assessment "Wizard" and unlimited
technical support to successfully complete the program within a few hours of enrollment.
This $149 per year program is available free when you sign-up
with McAfee Secure from the Auric web site. (Years 2 thru 4 are available for $19.00/year).
We already use the McAfee Secure PCI Web compliance service on several of our web sites and can attest
to the comprehensive utility of this service.
Copyright ©
1996-2012
Auric Systems International. All rights reserved.