PCI Compliance Map Homepage

| PCI DSS Requirement | How RetailCompli Assists |
| --- | --- |
| Protect cardholder data through the installation and maintenance of a firewall configuration. | With RetailCompli, we protect your business through the implementation of an independently certified firewall. However, this is much more than a standard firewall: it ensures your sensitive data and payment systems are protected by configuring the network correctly. This is the most technically challenging PCI DSS requirement, but with RetailCompli you can easily fulfil it. |
| For system passwords and other security parameters, avoid the use of vendor-supplied defaults. | We ensure that all of your systems are protected through the use of strong passwords, cryptography, encryption and other effective methods. We don't use any default passwords. |
| | Data in transit is protected through the use of encrypted VPNs, while ALL IPSec implementations are secured in accordance with NIST and other industry standards for transmission of cardholder data. However, other means must be used to encrypt cardholder data when it first enters the payment network. |
| Secure systems and applications must be developed and maintained. | All of our technologies are developed in accordance with leading security practices. In fact, our networks are fully PCI DSS certified every year through an annual security audit. However, your own development processes and applications need to be checked to ensure they are PCI DSS compliant. |
| Use business need to know to restrict access to cardholder data. | We limit certain areas of the network to ensure that access to cardholder data is restricted. If you are going to store any cardholder data, you will also need to create and maintain access procedures. |
| Access to system components must be identified and authenticated. | To access our system, all users must be authenticated, thus achieving this requirement. However, you must make sure you manage access to all of your other system components. |
| All access to cardholder data and network resources must be tracked and monitored. | We protect access to vital systems through the use of strong two-factor authentication, meaning a username and password alone are not enough. RetailCompli also keeps a detailed log of all user activity, thus fulfilling the tracking requirement. |

The following PCI requirements demand a mixture of technical elements with policies and procedures, so RetailCompli supports them only to a lesser extent.

| PCI DSS Requirement | How RetailCompli Assists |
| --- | --- |
| Protect stored cardholder information. | We recommend that you avoid storing cardholder data altogether, as it is extremely risky and exposes your business to unnecessary danger. However, if it is a necessity to store such information, you will need to ensure it is secure by implementing special procedures. |
| All systems must be protected against malware, and anti-virus software needs to be regularly updated. | With RetailCompli, you will benefit from a system that protects your business from external threats by monitoring traffic and flagging up anything unusual. Nevertheless, you do need to protect other individual system components, and this involves maintaining anti-virus protection and software patches. |
| Physical access to cardholder data must be restricted. | As mentioned, we recommend that you do not store any cardholder data. However, if you do need to do so, then you must limit access to this data in order to keep it secure. This involves meeting special criteria. |
| Regularly test all security processes and systems. | You need to test your system for vulnerabilities throughout the year. PCI compliance is a continual commitment – it is not a checkbox exercise. Regular testing ensures that your procedures and policies are being followed. |
| Maintain a policy that addresses information security for all personnel. | People are an essential part of ensuring PCI compliance and security are maintained. This requirement concerns the procedures and policies that they need to follow. |