
Secure ACH & Credit Card Processing in Dynamics GP Part 2: Getting Started with PCI Compliance



    As stated in part one of this series, PCI Compliance is essential for any business that intends to process credit card or ACH payments online. The requirements are defined in the Payment Card Industry Data Security Standard (PCI DSS), which is maintained by the PCI Security Standards Council, and they exist to reduce fraud and ensure that electronic payments are processed securely.

    In order to obtain PCI Compliance, a business must adhere to 12 requirements set by the PCI DSS, grouped into six categories. Taken from the PCI Security Standards Council website, these are as follows:

    Build and maintain a secure network
    1. Install and maintain a firewall configuration to protect data.
    2. Do not use vendor-supplied defaults for system passwords and other security parameters.

    Protect cardholder data
    3. Protect stored cardholder data.
    4. Encrypt transmission of cardholder data and sensitive information across public networks.

    Maintain a vulnerability management program
    5. Use and regularly update anti-virus software.
    6. Develop and maintain secure systems and applications.

    Implement strong access control measures
    7. Restrict access to data by business need-to-know.
    8. Assign a unique ID to each person with computer access.
    9. Restrict physical access to cardholder data.

    Regularly monitor and test networks
    10. Track and monitor all access to network resources and cardholder data.
    11. Regularly test security systems and processes.

    Maintain an information security policy
    12. Maintain a policy that addresses information security.


    These technical and operational requirements are not optional. They help a network protect sensitive data that, in the wrong hands, could lead to cardholder fraud or identity theft, and they establish a baseline that holds everyone who handles cardholder data accountable should an issue arise.

    So, how do you get started with obtaining PCI Compliance? This process can be broken into three steps: assess, remediate and report.

    Assess
    Start by taking inventory of the IT assets and business processes that store, process or transmit cardholder data when you accept credit card and ACH payments: the systems, network segments, applications, integrations and the people who touch that data. This inventory defines the scope of the assessment. Everything in scope must then be analyzed for vulnerabilities, because a risk you have not found is one you cannot eliminate.

    Remediate
    The next step is to fix the vulnerabilities the assessment found so that the environment is demonstrably more secure. A weakness may be a flaw in code or configuration, or it may simply be the way the business handles credit card and ACH transactions, such as where card numbers are recorded and who can see them.

    Report
    The final step is to document what was assessed and what was remediated, as PCI DSS requires, and to keep those records. Compliance reports are then submitted to the acquiring banks and card brands your organization does business with; depending on your merchant level this is typically a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (ROC) prepared by a Qualified Security Assessor. These reports are required on a recurring basis, not as a one-time exercise.

    These three steps, assess, remediate and report, are an ongoing process.
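    As an added example of the assess step (this is not code from Azox or from the original article): a small PAN discovery scanner in Python that finds candidate card numbers in data at rest, confirms them with the Luhn check so that look-alikes such as order numbers are dropped, and records only masked numbers so the scan results do not themselves become a new store of cardholder data. The log lines in SAMPLE and their field names are constructed for the example; the card numbers in them are the publicly known test numbers.

```python
"""PAN discovery for the "assess" step of a PCI DSS programme.

Scans text (log files, exports, spreadsheets saved as CSV, ...) for strings
that look like primary account numbers (PANs), keeps only those that pass
the Luhn check, and reports them masked so the findings are not themselves
a PAN store. Added example; not part of the Azox article or product.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Iterable, List

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not adjacent to further digits on either side.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) checksum used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits (PCI DSS allows at most first six/last four)."""
    return "*" * (len(digits) - 4) + digits[-4:]


@dataclass(frozen=True)
class Finding:
    source: str      # file name or logical source of the line
    line_no: int
    masked_pan: str  # never the full PAN


def scan_text(source: str, text: str) -> List[Finding]:
    """Return masked findings for every Luhn-valid candidate PAN in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            # Runs of a single repeated digit (0000..., 1111...) pass Luhn
            # but are placeholders, not card numbers.
            if len(set(digits)) == 1:
                continue
            if luhn_valid(digits):
                findings.append(Finding(source, line_no, mask_pan(digits)))
    return findings


def scan_files(paths: Iterable[Path]) -> List[Finding]:
    """Scan a set of files; undecodable bytes are replaced rather than fatal."""
    findings = []
    for path in paths:
        text = path.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_text(str(path), text))
    return findings


# Constructed sample log with hypothetical field names. The card numbers are
# the well-known public test numbers; the order number on line 1 has the
# right length but fails Luhn, and the ACH fields on line 3 are too short.
SAMPLE = """\
2024-03-01 09:12:44 order=1234567890123456 status=shipped
2024-03-01 09:13:02 note="customer read card 4111 1111 1111 1111 over the phone"
2024-03-01 09:14:10 ach_routing=021000021 ach_account=000123456789
2024-03-01 09:15:33 card=5555555555554444 exp=12/27 cvv=123
2024-03-01 09:16:00 amex=378282246310005
"""


if __name__ == "__main__":
    for f in scan_text("sample.log", SAMPLE):
        print(f"{f.source}:{f.line_no}: {f.masked_pan}")
```

    Run against the sample it reports lines 2, 4 and 5 with masked numbers and ignores the order number and the ACH fields. Point scan_files at exported tables, log directories and file shares to find where card data has leaked outside the systems you expected; every hit is an item for the remediate step and a line in the records you keep for the report step. Note that line 4 of the sample also carries a CVV, which PCI DSS forbids storing after authorization at all, so a real scan would want a second pattern for that.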

    Azox Credit Card Extension (CCE) is PA-DSS certified, which makes obtaining PCI Compliance much simpler when using our solution. Keep in mind that PA-DSS validation covers the payment application itself; the environment it runs in, the rest of the Dynamics GP installation and your business processes remain in scope for your own PCI assessment. CCE is an ACH/credit card processing solution for Dynamics GP. For more information, download this white paper or, to see our solution in action, join us for a webinar.

    by Azox

