If you have an e-business and you accept credit card payments directly through your website, you are required to meet the Payment Card Industry (PCI) compliance and PCI audit requirements. PCI regulations are required in order to prevent internet fraud. Most business owners find the PCI subject quite technical and complex. Fortunately, there are a whole lot of consultants who will audit your business and tell you how you can meet the PCI guidelines, with warnings of dire consequences if you don't.

You can also download the PCI DSS document for comprehensive information about PCI and security audit requirements. If you don't store primary account numbers (PANs) on any of your own servers, you can completely ignore most of the guidelines because they only apply to servers that store PANs. The good thing is that the responsibility for the remaining guidelines is shifted to the credit card gateway, because they are the ones that keep track of the PANs. All major credit card gateways are PCI compliant, because they would be such an obvious target.

There are certain PCI security audit guidelines for small businesses that make PCI compliance less complex and expensive.

Do not store customer PANs in your database, even encrypted; not storing them makes your database server a much less attractive target. It inconveniences your customers a bit, because you cannot pull up and auto-fill their credit card number.

Do not store PANs on your web server, encrypted or otherwise, not even in the temporary session. This may inconvenience your customers a little if they have to leave the page, in that you can't restore the credit card number. It is best to minimize the chances of losing a credit card number in a page refresh or something of that sort. Use SSL and a security certificate to encrypt the pages that collect credit card numbers and pass them to the credit card gateway.

Be vigilant that your server does not get rooted. Expert hackers can gain root access to your server, which can be annoying. Hence it's better to hire a consultant who can guide you to comply with the PCI security audit regulations.

iViz Security is a premium security software provider specialized in vulnerability assessment and PCI audit and security audit requirements to shield your network's security and protect it from potential vulnerabilities and threats.