Do you have or are you considering having an eCommerce site? Credit card companies expect merchants to comply with PCI DSS (the Payment Card Industry Data Security Standard). To gain a better understanding of PCI compliance and validation types, merchants can download guidelines at https://www.pcisecuritystandards.org/pdfs/instructions_guidelines_v1-1.pdf.
PayPal's Website Payments Standard is the fastest way to add PCI-compliant credit card processing to your website.
Simple Buy Now buttons can be added to your merchandise, or Website Payments Standard can be integrated into your site with a PayPal-compatible shopping cart. As customers shop on your site, they just click a button to pay with their credit card or PayPal account. In either case, they pay on a secure, PayPal-hosted page. And UmeWorks can add your banner and website colors to your PayPal payment page for a smooth transition.
Because PayPal stores all PANs (primary account numbers), you don't have to worry about protecting stored cardholder data, encrypting data in transit, or restricting access to cardholder data. PayPal assumes all the risk. And PayPal is responsible for continually maintaining and regularly validating the security of Website Payments Standard, which frees up your time so you can focus on winning more customers and providing outstanding customer service.
UmeWorks can implement Website Payments Standard or other PayPal solutions into your website. Use the information below and the downloadable PDF guideline (linked above) to be sure you're PCI DSS compliant for the other solutions.
| PCI DSS Core Requirements | |
| Build and Maintain a Secure Network | |
| Requirement 1 | Install and maintain a firewall configuration to protect cardholder data |
| Requirement 2 | Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | |
| Requirement 3 | Protect stored cardholder data |
| Requirement 4 | Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | |
| Requirement 5 | Use and regularly update anti-virus software |
| Requirement 6 | Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | |
| Requirement 7 | Restrict access to cardholder data by business need-to-know |
| Requirement 8 | Assign a unique ID to each person with computer access |
| Requirement 9 | Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | |
| Requirement 10 | Track and monitor all access to network resources and cardholder data |
| Requirement 11 | Regularly test security systems and processes |
| Maintain an Information Security Policy | |
| Requirement 12 | Maintain a policy that addresses information security |
| PA-DSS Security Audit Procedures | |
| Requirement 1 | Do not retain full magnetic stripe, card validation code or value (CAV2, CID, CVC2, CVV2), or PIN block data. |
| Requirement 2 | Protect stored cardholder data |
| Requirement 3 | Provide secure authentication features |
| Requirement 4 | Log payment application activity |
| Requirement 5 | Develop secure payment applications |
| Requirement 6 | Protect wireless transmissions |
| Requirement 7 | Test payment applications to address vulnerabilities |
| Requirement 8 | Facilitate secure network implementation |
| Requirement 9 | Cardholder data must never be stored on a server connected to the Internet |
| Requirement 10 | Facilitate secure remote software updates |
| Requirement 11 | Facilitate secure remote access to payment application |
| Requirement 12 | Encrypt sensitive traffic over public networks |
| Requirement 13 | Encrypt all non-console administrative access |
| Requirement 14 | Maintain instructional documentation and training programs for customers, resellers, and integrators. |
Ready to start? Request a quote from UmeWorks for your website, logo design, business card layout, online banner ad, or our other outstanding graphics design services.