The Merchant Processing Guru Tip# 35: The 12 requirements of PCI Compliance – Requirement #6

Software Security Updates
Develop and maintain secure systems and applications. This one is probably the most technical and complicated of all the requirements, but unless you are developing software yourself for use with credit card processing, most of the items in this requirement should not apply to you. Much of this requirement is geared to developers. If you are using software applications that have been developed by others, just make sure they are PCI DSS level one certified; in that case, not everything in this requirement will apply to you, as some of it applies to the developer instead. Please make sure, however, to implement what does apply to you, such as the following:

First, you are required to install the latest vendor-supplied security patches for all software on your systems within one month of release. Scan all public-facing web applications at least annually, and make sure there is a web-application firewall in front of public-facing web applications.

Again, my summaries of each requirement are meant to explain the requirements in an easy-to-understand manner. Please refer to the PCI DSS and follow its guidelines to become fully compliant. We are now halfway through the requirements and, as you can see, they are a common-sense approach to protecting the security of your customers' credit card data. I hope this series is making it a little less daunting to comply with PCI DSS. Please don't hesitate to contact me with any questions.

Russell Harverson has over 9 years' experience in the credit card processing industry and has built a reputation for "being there" for all his merchants! The goal of The Merchant Processing Guru is to provide you with the right, cost-effective processing solution for your individual business needs. No matter how large, small or different, he has done it all. He is your Guru of Merchant Services, shedding light on the credit card processing industry. To contact him via email: [email protected]
Or call him at: 1-888-368-GURU (4878)
