The Merchant Processing Guru Tip# 31: The 12 requirements of PCI Compliance – Requirement #2
Do not use vendor-supplied defaults for system passwords and other security parameters. This one is actually fairly simple but many still do not change vendor passwords on their security devices this requirement asks for them to be changed on. The reason for this is quite simple, the vendor default passwords are so widely known that it is easy for a hacker to try this first when trying to gain access and they are likely to know pretty much all default passwords or can find them out with a simple search.
To be clear you must change the vendor default password on everything that is connected to your network including routers, POS systems, wireless devices, credit card terminals etc. This requirement also asks that you implement and update regularly your system configuration standards and encrypt any web-based administrative access via VPN. If this is beyond your technical abilities, please look into hiring an IT company to help you do this, it is so important and it will not cost that much to have an IT company do these things.
With these first 2 posts you should have a good idea of what securing your network means and that it really is not overly burdensome but is basically a best practice anyway to securing your data and that of your customers. You are now well on your way to understanding what PCI is and what you need to do to become compliant. Again, this is just a summary so please refer to the PCI DSS Requirements for more information as there are particular requirements that they have and I do not cover everything in this summary. You can find a great resource here for the PCI DSS Prioritized approach to becoming PCI compliant: PCI DSS Prioritized Approach
Russell Harverson has over 9 years experience in the credit card processing industry and has build a reputation for “being there” for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost effective processing solution for your individual business needs, no matter how large, small or different, he has done it all. He is your Guru of Merchant Services, shedding light on the credit card processing industry. To contact him via email: [email protected]
Or call him at: 1-888-368-GURU (4878)