Criminals can change the code on an insecure website so that it calls a similar domain (paymentiexpress.com for example), takes the credit card details, stores them to be sold at a later date, and then passes the credit card details to the correct site (paymentexpress.com) for processing.
If criminals do manage to steal the credit card details of your clients, the penalties from your bank can include:
- Fines of up to USD 500,000
- A mandatory review of your security (at your cost)
- Removal of your ability to take credit card payments
And your reputation with your clients will obviously suffer.
To be PCI Compliant there are twelve obligations that we must meet:
Build and maintain a secure network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program
- Use and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
Implement strong access control measures
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly monitor and test networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes
Maintain an Information Security policy
- Maintain a policy that addresses information security for all personnel
To ensure we are PCI compliant we are independently scanned every month by Security Experts…Secure Strategy.