PCI Compliance - Hudson Clients
How Hudson Clients Become PCI Compliant
PCI stands for Payment Card Industry and is often used generally to represent the set of rules established by the PCI Security Standards Council. These rules guide payment application vendors (Hudson) and merchants (Hudson clients) on the way credit cards and credit card information are processed and stored. The rules are designed to ensure that this sensitive data cannot fall into inappropriate hands or be lost due to data or network security breaches.
The PCI Security Standards Council website contains a wealth of information for anybody wanting to know more about PCI rules and guidelines: PCI Council. While Hudson developers have been delivering robust and secure credit card processing solutions since 2001, the rules established by the PCI Council serve as a benchmark against which all software providers can evaluate their payment applications. As more banks and companies realize the benefit of the standards, there is a move in place to require PA-DSS Acceptance (a.k.a. PCI Compliance) from all payment application providers, like Hudson.
For Hudson clients to ensure their operations are PCI compliant, there are a few key items you must do (this is a simplified listing):
- Use a PCI Accepted payment application
- Follow the payment application provider's instructions, ensuring compliance is maintained
- Complete and submit a PCI Self Assessment Questionnaire
- Perform or have performed quarterly network security scans
As a Hudson Client, you gain the peace of mind that the payment application you are using (Hudson's HGTS application) has been reviewed and is PA-DSS Accepted. You must ensure that you are always following the Hudson-provided guidelines on how to use the HGTS application to process your credit card payments. It is possible to diverge from the application configuration and guidelines and thereby expose yourself to potential data loss and breach.
If your processor or bank is requiring you to be PCI Certified, there is work that you must do, on your own, as a Merchant. As part of this process you must also evaluate your internal company policies, procedures and technology systems to ensure you conform to the PCI Security Standards Council guidelines. This is done by completing a self-assessment questionnaire (SAQ) that asks you to review and inspect aspects of your business you may not have addressed in a long time, if ever. New policies and procedures, all aimed at improved data security, will most likely evolve out of the SAQ process. You will also need to engage the services of an independent security firm (Hudson is not capable or qualified to provide this service) to audit your facility and your networking infrastructure. Once this is all done, you submit the information for review and approval. Being identified as "compliant" is not an event that will occur on a single date. Rather, being "compliant" is a process that you will undertake for the duration of your business experience.
If your system is part of Hudson's Cloud Hosting offering, then much of the PCI security process is already addressed for you. Hudson's managed hosting partner, INetU, is a PCI certified hosting facility.
To locate information on how you can become PCI compliant and certified, please review the information on the PCI Security Standards Council website and look for material targeted at merchants.
For a straightforward listing of the items required for PCI-DSS compliance, check this Quick Reference Guide: File:PCI SSC Quick Reference Guide.pdf