Secure ACH & Credit Card Processing in Dynamics GP Part 2: Getting Started with PCI Compliance


As stated in part one of this series, obtaining PCI Compliance is essential for any business that intends to process credit card or ACH payments online. These standards have been set by the Payment Card Industry Data Security Standard (PCI DSS) to help reduce fraud and ensure electronic payments are processed in a secure manner.

In order to obtain PCI Compliance, a business must adhere to 12 requirements set by the PCI DSS that are divided into six categories. Taken from their website, these are as follows:


Build and maintain a secure network
1. Install and maintain a firewall configuration to protect data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data and sensitive information across public networks.

Maintain a vulnerability management program
5. Use and regularly update anti-virus software.
6. Develop and maintain secure systems and applications.

Implement strong access control measures
7. Restrict access to data by business need-to-know.
8. Assign a unique I.D. to each person with computer access.
9. Restrict physical access to cardholder data.

Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Maintain an information security policy
12. Maintain a policy that addresses information security.


These technical and operational requirements are imperative. They help a network protect sensitive data that, if obtained by the wrong person, could lead to cardholder fraud or identity theft. They also create a solid baseline that makes anyone involved with using cardholder data accountable should an issue arise.

So, how do you get started with obtaining PCI Compliance? This process can be broken into three steps: assess, remediate and report.

You must know the ins and outs of your IT assets and business processes used for processing credit card and ACH payments. These should be analyzed for vulnerabilities. This process must be executed in order to find and eliminate any possible risks.

This next step includes addressing any vulnerabilities that may be present to ensure a more secure network. These vulnerabilities may include issues in code or could just be the method a business uses for processing credit card and ACH transactions.

The final step requires collecting records that show actions taken during the remediation process as required by PCI DSS. These reports must be submitted. Compliance reports must also be submitted, but these go to banks and credit card companies that your organization will do business with. These reports must be submitted on a recurring basis.

These three steps, assess, remediate and report, are an ongoing process.

Azox Credit Card Extension (CCE) is PA-DSS certified, which means obtaining PCI Compliance when using our solution is much simpler. CCE is an ACH/credit card processing solution for Dynamics GP. For more information, download this white paper or, to see our solution in action, join us for a webinar.

by Azox
