Did you know that all businesses operating an ecommerce website that handles the transmission and storage of credit card data must adhere to the PCI DSS compliance standard?
PCI DSS (Payment Card Industry Data Security Standard) is a set of standards created by card issuers (i.e., Visa, MasterCard and Amex™) to ensure that companies treat the security of credit card information with the utmost importance. The PCI DSS standard applies to all organisations that store, process, or transmit cardholder information. Failure to comply with PCI DSS standards can result in heavy fines, restrictions, or even permanent expulsion from card acceptance programs.
This requirement is often overlooked by Australian businesses until their financial institution issues a notice that compliance is required to maintain their credit card merchant facilities. However, achieving PCI DSS compliance can consume a great deal of resources from a business's already overstretched IT department while they review the hundreds of pages of compliance documentation.
Implementing the standards required for PCI DSS compliance can be an overwhelming and monumental task for any business, yet most of the procedural requirements relate to the security of the information technology infrastructure. To meet these requirements, a business can either spend months planning, commit significant capital expenditure and consume excessive human resources, or alternatively seek a technology partner to assist with the process.
Sanity Technology has successfully helped its valued clients achieve and maintain Level 1 PCI DSS compliance since 2007 with a proven Australian hosting platform that complies with several key technology requirements, including:
- Network address translation firewall implementation with content switches / load balancers that scale effortlessly with growing requirements.
- Up-to-date virus scanners and system vulnerability management across the entire network infrastructure from servers to routers and everything in between.
- Scheduled security scanning and network penetration testing on a regular basis.
- Centralized logging with all incidents reviewed by experienced technical personnel.
- Disaster recovery planning with off-site backup storage and recovery solutions to keep your business operating flawlessly.
- Compliant data centre hosting facilities, with a high level of security and CCTV coverage of the entire floor space.
- Intrusion prevention systems that inspect the contents of every packet inbound and outbound from your environment.
- Expert advice from experienced staff who have been audited by qualified security assessors on multiple occasions.
If you are looking for a fully implemented PCI DSS compliant solution, or simply wish to utilize key pieces of our infrastructure that assist with achieving the various levels of compliance, please don't hesitate to contact us to discuss your business needs today.