What is PCI Compliance?


2018-06-01T10:03:37-07:00

The PCI compliance standard, formally the Payment Card Industry Data Security Standard (PCI DSS), is an information security standard for organizations that handle credit card operations. The standard was created to increase cardholder data security and reduce credit card fraud. PCI DSS specifies 12 security requirements for compliance, organized into 6 related groups called “control objectives”. You can learn more about the requirements by visiting the official PCI Quick Reference Guide.

PCI compliance applies to companies and websites of any size that accept credit card payments, including Magento eCommerce websites. Some of the steps to protect cardholder data are:

SSL Certificate

Set up a secure HTTPS connection: this ensures that communication between the user and the website server is secure and that third parties cannot access the data being transmitted in readable form.

Magento & PCI Compliance

Magento helps store owners become PCI compliant in two ways. First, it offers Magento Commerce (Cloud), which is PCI certified as a Level 1 Solution Provider. Thus, any merchant using Magento Commerce (Cloud) can use Magento’s PCI Attestation of Compliance to help with the PCI certification process. Second, Magento makes it easier to become PCI compliant thanks to its integrated payment gateways, which not only make the store’s checkout process very secure but can also store credit card information in a very secure fashion, if needed.

Server Precautions to Take

  • Anti-virus software – use and regularly update
  • Restrict physical access to the servers
  • Set up 2-Factor Authentication for access to servers and the website Admin interface
  • Use strong passwords – use passwords that do not have common words, your name,…
  • Firewall – set up and maintain a WAF (Web Application Firewall) and a Server Firewall

For a full list of the security services that we at Kento Systems provide, please read our Security Solutions page, and feel free to contact us at 310-882-7755 to inquire about Website and Server Security, Compliance and Audit services in the greater Los Angeles area.
