PCI compliance companies test a client’s firewall and network security mechanisms to ensure the financial information being transmitted and potentially stored is safe from the threat of outside and internal intrusion through avoidable network security incidents. A properly configured and secured firewall is essential for companies which accept credit card and other payments from their customers on site.
It is important for each vendor to ensure the client takes advantage of effective and secure data encryption technologies and protocols. A wide variety of encryption technologies exist to allow information to be sufficiently encrypted and to increase the difficulty of decrypting information. The vendors we recommend are able to properly test and audit a client’s encryption practices.
It is also important for the software used to transmit secure information to be properly tested to ensure that there are no bugs or issues which could impact the integrity of the secure and financial information of a merchant’s clientele. It is extremely important for the merchant to take steps to ensure that all software within their systems is kept up-to-date to prevent future exploits from impacting their network and data security.
The systems involved in both processing secure payments and handling day-to-day operations need to be properly secured with individual credentials and logging systems to ensure only authorized parties access them. System security practices are put to the test to ensure an intrusion is less likely to occur from within an organization through an employee or third party obtaining credentials.
Several monitoring systems and practices should be put in place to ensure the continued success and security of the merchant’s payment processing. It is important for access to and actions on different machines to be logged to provide the merchant the ability to audit their own internal processes. There should be monitoring in place from a network perspective as well to ensure network traffic is being logged.