What is PCI?
The PCI Compliance standard was established in September 2006. It outlines a set of requirements for all companies that process, store, or transmit credit card information. These requirements are based on the number of transactions a business processes. Most small business will fall into the Level 4 Merchantcategory (less than 20,000 card transactions/year). You can perform a Self-Assessment Questionnaires (SAQ) to determine if your business is following the recommended guidelines for protecting credit card info.
You can use these links to get more information about the PCI compliance, and how it affects your business:
Level 4 Merchants should self-certify that they are following these practices:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Specialty Toys Network does its best to stay on top of any new laws like the CPSC or PCI that affect your site, however we are not lawyers. Any information we post is intended for informational purposes only, and should not be construed as legal advice. Feel free to send us your comments and thoughts – we appreciate your help to keep us updated as things change.