BetterBuilt.com, LLC (BBC) has maintained and continues to maintain PCI security compliance standards on all of its servers, networks and endpoints, and maintains an employee company policy regarding credit card data. In addition, all BBC internet credit card transactions are covered by data theft insurance.
BBC website customers who process their own online credit card transactions should also maintain their own separate data theft insurance and protection, as recommended by their bank and/or credit card processing company. Gateways such as authorize.net and the BBC web servers are PCI compliant; however, your bank may also have set forth additional data protection compliance standards that require you, our BBC website merchant, to carry data theft insurance for processing credit cards over the internet. This insurance protects against the unlikely theft of your customers' credit card data. This data includes, but is not limited to, the customer's name, billing address, shipping address, and credit card information such as the card number, expiration date and/or the CVV number. In the unlikely event that your merchant account is not required to carry data theft insurance, you should consult with an insurance advisor to confirm that your existing insurance policy covers such theft.
On 15 December 2004 the Payment Card Industry Security Standards Council (PCI SSC) was formed and the credit card companies aligned their individual policies to release the Payment Card Industry Data Security Standard (PCI DSS). Since then the security standard has evolved alongside newer technology to protect against credit card data theft.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized. These security principles are as follows:
Build and Maintain a Secure Network
RQMT 1: Install and maintain a firewall configuration to protect cardholder data
RQMT 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
RQMT 3: Protect stored cardholder data
RQMT 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
RQMT 5: Use and regularly update anti-virus software
RQMT 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
RQMT 7: Restrict access to cardholder data by business need-to-know
RQMT 8: Assign a unique ID to each person with computer access
RQMT 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
RQMT 10: Track and monitor all access to network resources and cardholder data
RQMT 11: Regularly test security systems and processes
Maintain an Information Security Policy
RQMT 12: Maintain a policy that addresses information security
For more information, visit the PCI Security Standards Council.