For almost fifteen years, Volusion has maintained compliance with the Payment Card Industry’s Data Security Standard (PCI DSS). This standard started through extensive cooperation by the card brands (Visa, MasterCard, etc.) to ensure that businesses that process card data do so securely. Version 1.0 of the standard was released in 2004, and Volusion led the way in quickly integrating its requirements into business practices. In early 2006, Volusion completed its first audit and has remained compliant ever since. Categorized as a Level 1 Service Provider, Volusion is held to the strictest level of compliance with the PCI DSS.
The PCI DSS is broken into six high-level goals to be accomplished by meeting twelve requirements (see below). Each requirement is further broken down into numerous sub-requirements (over 200 in all).
| GOALS | PCI DSS REQUIREMENTS |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software or programs |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for employees and contractors |