The Payment Card Industry Data Security Standard (PCI DSS) requires businesses to properly store and protect the credit card information of their customers. The PCI DSS is devised and enforced by the five largest credit card companies in the country: Visa, MasterCard, American Express, Discover, and JCB. The main financial penalty for failing to comply with the PCI DSS is a fine of between $5,000 and $100,000 per incident. The newest version of the standard, PCI DSS 3.0, was released last week and will go into effect on January 1, 2014.
Requirements introduced in the new version of the PCI DSS include:
- Penetration testing. Test whether it's possible to break into the system containing customers' credit card data.
- Physical security. Guard against unauthorized physical access to the IT hardware with the credit card info on it. Also, inspect point of sale (POS) devices for signs of tampering.
- User differentiation. Prevent sharing of credentials and/or devices so that individual users of the system can be identified and tracked.
- Adaptable malware protection. Implement a flexible antimalware system that can be adjusted according to the evolving methods of hackers and malware developers.
Businesses can dramatically reduce the amount of work they have to do to comply with PCI DSS 3.0 by signing up for Application Hosting from IronOrbit. Our Hosted Applications like Hosted QuickBooks and Hosted Sage 50 already have enough security measures in place to comply with most of the requirements of PCI DSS.
The ways we protect our Application Hosting Solution include:
- Physical security. We prevent unauthorized access to our datacenters with biometric palm scanners, 24x7x365 alarm monitoring, and closed-circuit video monitoring.
- Operational security. IronOrbit personnel can access clients’ Application Hosting Solutions only when they have been authorized to do so. For auditing purposes, access by our personnel to the Application Hosting Solutions of our clients is always tracked and logged. Our access control and change management methods and policies comply with ISO 17799 information security guidelines.
- Logical and system security. We use firewalls, IDS/IPS, antivirus software, patch management, and content filtering to protect our Application Hosting Solutions from malware and hacking attempts.
For aspects of PCI DSS 3.0 that businesses have to take care of by themselves (like protecting POS devices from tampering or inappropriate access), we can use our knowledge and experience from prior instances of achieving PCI DSS compliance to provide them with exact instructions on how to do it. If necessary, we’ll also be glad to provide our clients with documentation outlining our security policies and procedures.
Signing up for Application Hosting Solutions like QuickBooks Hosting Solutions eliminates the hassles of complying with PCI DSS 3.0 using internal resources and personnel. In addition, IronOrbit Hosted Applications also perform better (because of Atomic Speed Technology), cost less (we charge only a low, flat monthly fee, even with all of the aforementioned security measures included), and are more reliable, better-maintained, and better-supported (all of our solutions come with around-the-clock monitoring and 24x7x365 technical support) than applications installed on local servers or the hard drives of PC workstations.
Contact IronOrbit at [email protected] or (888) 753-5060 for Hosted Applications compliant with PCI DSS 3.0, and also for solutions compliant with other data security standards such as HIPAA, SOX, and GLBA.