New PCI-DSS Requirements

If you accept credit cards (Who doesn’t these days?), there are new requirements that have been developed by the major credit card companies to ensure customer data security. The new rules are known as the Payment Card Industry Data Security Standard (PCI-DSS). There are 12 requirements for compliance that fall into six categories:

  1. Build and Maintain a Secure Network: Install and maintain a firewall and use unique, high-security, passwords with special care to replace default passwords.

  2. Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.

  3. Maintain a Vulnerability Management Program: Use anti-virus and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant.

  4. Implement Strong Access Control Measures: Access to cardholder data – both electronic and physical – should be on a "need-to-know" basis. Ensure those people with access have a unique ID and password. Do not share logon information.

  5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.

  6. Maintain an Information Security Policy: It's critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it's disseminated and updated regularly.

What does this mean for Sage MAS 90 and Sage MAS 200 customers? Versions 4.30.18 and 4.40.1 are currently undergoing the certification process, as are Sage MAS 90 EES and Sage MAS 200 EES version 1.3 with service update 18. If you’re not on one of those versions with the most current patches, get upgraded. There are some known issues with the installation of 4.30 service update 18 and 4.40 service update 1, so be sure to discuss with your reseller before installing these updates.

If you are using Sage Payment Solutions, they are a Level 1 credit card service provider and are currently in full compliance.

For more information on Sage MAS 90 ERP, Sage MAS 200 ERP, Sage MAS 90 EES, and Sage MAS 200 EES, check Sage’s PCI-DSS site. While you’re there, sign up for one of the webcasts Sage is offering on the subject.

Also of note, I find it funny there is a PCI for Dummies in PDF form.