Understanding PCI Compliance vs SSL Certificate

Bar none, securing consumer credit card data is essential to doing business in 2017. And the information security industry is meeting the demand. But as security solutions evolve in scope and scale, it's important to understand the various components so you're confident (and educated) in how to properly secure your customer data.

One of the elements of IT compliance and security is an SSL (secure sockets layer) certificate, which protects credit card data with a secured connection as it travels across an open or public network. SSL technology secures credit card transactions, data transfers and logins over the Internet by establishing an encrypted link between web servers and browsers. Business owners should certainly obtain an SSL certificate – but that is only one piece of the information security pie.

The PCI (Payment Card Industry) Data Security Standard includes 12 requirements – only one of which, encrypting cardholder data in transmission, is addressed by an SSL certificate.

Let's be clear. SSL is part of compliance. It is not compliance.

A business is not PCI compliant unless it meets all 12 requirements. Those requirements are made up of over 300 system-specific requirement tests covering a far broader range of security goals than just the transmission of information across the Internet. The 12 requirements are grouped under the following 6 compliance objectives:

  • Building and maintaining a secure network
      • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
      • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protecting cardholder data
      • Requirement 3: Protect stored cardholder data
      • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Maintaining a vulnerability management program
      • Requirement 5: Use and regularly update anti-virus software programs
      • Requirement 6: Develop and maintain secure systems and applications
  • Implementing strong access control measures
      • Requirement 7: Restrict access to cardholder data by business need to know
      • Requirement 8: Assign a unique ID to each person with computer access
      • Requirement 9: Restrict physical access to cardholder data
  • Regularly monitoring and testing networks
      • Requirement 10: Track and monitor all access to network resources and cardholder data
      • Requirement 11: Regularly test security systems and processes
  • Maintaining an information security policy
      • Requirement 12: Maintain a policy that addresses information security for all personnel

An SSL certificate is one of the mandates for a PCI compliant site, but simply having an SSL certificate does not make a business's website PCI compliant (that point is worth repeating).

A third-party vendor, such as ZZ Servers, can help your business navigate industry security standards and ensure your business is meeting all of them. ZZ Servers offers fully PCI-enabled hosting environments and can help your business achieve PCI compliance through log monitoring and archiving, firewall maintenance, intrusion detection, vulnerability testing, and internal and external penetration testing.

Securing customer data is essential for any business today. No matter your business' size, information security solutions are within reach. We can help.
