PCI DSS (Payment Card Industry Data Security Standard) is currently taxing the minds of merchants up and down the land. PCI DSS is a standard recently introduced by the card suppliers to protect end-user customers.
Its requirements are far-reaching – here is what your business must do:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Could You Be Breaking Compliance?
Here is the major conflict companies currently have. A robust offsite backup routine requires data to be stored in a location geographically separate from the source data. This is no different for a PCI DSS compliant business.
Business Example
You run a business that carries out many card transactions daily with all the major card suppliers such as Mastercard and VISA. You are already aware of PCI DSS and have invested heavily in your network security, and have established a strong firewall to protect your customer data. You have also taken steps to meet the other requirements.
Current Backups
Your legacy backup solution involves taking a daily copy of all data onto a tape or disk. Neither the tape nor the disk is encrypted, so PCI DSS says you should not even copy the data, let alone take it offsite.
Warning: The minute this tape or disk is taken offsite you have broken PCI DSS compliance.
How Online Backup Can Help
A Secure Online Backup Service will make your business completely PCI DSS compliant. Your nightly backups will be transmitted securely using strong encryption, and will be held offsite in a secure data centre in encrypted form. At no stage can anyone access your raw data. In the event of a restore being required, you use a simple GUI to highlight the files that have been lost, and the files are transmitted back to your network fully encrypted. Only when the backup data is back within your firewalled network is the encryption unravelled.
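Requirements 3 and 4, together with the restore flow described above, come down to one design rule: the backup is encrypted before it leaves the network, the key stays inside, and anything that comes back is verified before it is trusted. The Go program below is an added example written for this page, not Backup Technology's product code, and it uses only the Go standard library. The function names (`sealBackup`, `openBackup`, `countPANs`), the sample export and the backup labels are constructed for illustration; the card numbers in the sample are the publicly documented Visa and Mastercard test PANs, not real cards.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample export; the PANs are the public Visa/Mastercard test numbers.
const sampleBackup = "order_id,customer,pan,amount\n1001,A. Smith,4111111111111111,42.50\n1002,B. Jones,5555555555554444,9.99\n"

// luhnValid reports whether a digit string passes the Luhn check.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			if d *= 2; d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// countPANs counts runs of 13-19 ASCII digits that pass Luhn: a pre-flight check
// that data about to leave the network does not still contain card numbers.
func countPANs(data []byte) int {
	count := 0
	for i := 0; i < len(data); {
		if data[i] < '0' || data[i] > '9' {
			i++
			continue
		}
		j := i
		for j < len(data) && data[j] >= '0' && data[j] <= '9' {
			j++
		}
		if n := j - i; n >= 13 && n <= 19 && luhnValid(string(data[i:j])) {
			count++
		}
		i = j
	}
	return count
}

// newBackupKey makes a 256-bit AES key. Assumption: it never leaves the
// firewalled network, so the offsite provider only ever sees ciphertext.
func newBackupKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealBackup encrypts with AES-256-GCM before transfer. The label (backup set and
// date) is bound as associated data so one offsite copy cannot be swapped for
// another; the random nonce is prefixed to the ciphertext.
func sealBackup(key []byte, label string, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// openBackup decrypts on restore, inside the network. It fails closed if the
// ciphertext, its tag or the label was altered while offsite.
func openBackup(key []byte, label string, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed backup too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(label))
}

func main() {
	key, _ := newBackupKey()
	sealed, _ := sealBackup(key, "nightly-2024-01-01", []byte(sampleBackup))
	fmt.Printf("PANs in plaintext: %d, in offsite copy: %d\n", countPANs([]byte(sampleBackup)), countPANs(sealed))
}
```

The `countPANs` pre-flight check is the kind of control that catches the scenario in the Current Backups section: an unencrypted copy that still contains card numbers should never leave the building, and scanning the sealed blob confirms the offsite copy exposes nothing. A tampered tag or a mismatched label makes `openBackup` return an error rather than partial data. Key management (where the AES key lives, how it is rotated, who can read it) is outside the snippet and is where most of the real compliance work sits.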
Backup Technology already protects many major retailers such as LK Bennett as part of our PCI DSS compliant online backup service. Please visit www.backup-technology.com for more information.