The Merchant Processing Guru Tip #30: The 12 Requirements of PCI Compliance – Requirement #1
What I will try to do in this series is summarize the main objectives of each of the PCI requirements, giving you an easy-to-follow overview of what you need to do to become compliant. Please keep in mind that this is a summary, so refer to the PCI Security Standards for a full description of what is required of your business.
Requirement #1: Install and maintain a firewall configuration to protect cardholder data. Sounds simple, right? Got firewall, good to go! Unfortunately, just having a firewall does not fulfill this requirement. PCI requires not only that the firewall exists but also that it is configured in a certain way, which I will specify, and that you have periodic tests and procedures in place to make sure it is effectively doing what it needs to do. Of course, if you have a network, they are referring to a physical firewall in your router or some other standalone device, not a software firewall. The configuration should restrict the flow of traffic from unknown sources and prohibit public access to any sensitive cardholder information. In addition, you should have personal firewall software on any wireless device or personal computer that has access to your network. This also means that if you allow Wi-Fi connectivity to the public (your customers, visitors, etc.), you should at a minimum put a password on it that you change periodically, and limit its access to the rest of your network. The best solution, though, is to have a separate network for your public Wi-Fi access.
If you have a network and do not have an IT person on staff who can configure this for you, then I suggest that you find an IT company that understands these requirements and has experience implementing networks that adhere to them in other businesses.
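As an added illustration (not part of the original tip and not taken from the PCI standard), here is one way the periodic check described above could be scripted: a first-match rule evaluator that reports whether the internet or the public Wi-Fi can reach the cardholder network. The zone names, ports and both rule sets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # source zone name, or "any"
    dst: str      # destination zone name, or "any"
    port: object  # TCP port number, or "any"
    action: str   # "allow" or "deny"

def decide(rules, src, dst, port, default="deny"):
    """First matching rule wins; unmatched traffic gets the default policy."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, "any"):
            return r.action
    return default

def audit(rules, default="deny", ports=(22, 80, 443, 1433, 3389)):
    """Return findings where untrusted zones can reach the cardholder zone."""
    findings = []
    if default != "deny":
        findings.append("default policy is not deny")
    for src in ("internet", "guest_wifi"):  # hypothetical untrusted zones
        for port in ports:
            if decide(rules, src, "cardholder", port, default) == "allow":
                findings.append(f"{src} can reach cardholder zone on port {port}")
    return findings

# Constructed weak rule set: guest Wi-Fi is allowed "anywhere" so visitors can
# browse, which also lets it into the cardholder network; 443 is open inbound.
WEAK = [
    Rule("guest_wifi", "any", "any", "allow"),
    Rule("any", "cardholder", 443, "allow"),
]

# Constructed corrected rule set: guest Wi-Fi is explicitly blocked from the
# cardholder zone before it is allowed out; everything else falls to deny.
HARDENED = [
    Rule("guest_wifi", "cardholder", "any", "deny"),
    Rule("guest_wifi", "internet", "any", "allow"),
    Rule("cardholder", "internet", 443, "allow"),  # assumed outbound to processor
]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules) or "no findings")
```

Rule order matters here: moving the guest Wi-Fi deny below the guest Wi-Fi allow would not change the hardened result only because the allow is scoped to the internet zone, which is why scoping rules narrowly is safer than relying on order alone.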
Russell Harverson has over 9 years of experience in the credit card processing industry and has built a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost-effective processing solution for your individual business needs. No matter how large, small or different, he has done it all. He is your Guru of Merchant Services, shedding light on the credit card processing industry. To contact him via email: [email protected]
Or call him at: 1-888-368-GURU (4878)