PCI Compliance

We are not PCI Compliance consultants. The following is not legal advice and is only intended to be used as a guideline for PCI Compliance. Please consult with a PCI Compliance expert when making your server PCI Compliant.

What is PCI Compliance?

PCI Compliance is a set of security standards defined by the Payment Card Industry Security Standards Council. PCI compliance is designed to secure credit card information stored on your server and thereby prevent credit card fraud.

What are the PCI Compliance Requirements?

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  1. Protect stored cardholder data
  2. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  1. Use and regularly update anti-virus software on all systems commonly affected by malware
  2. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes

Maintain an Information Security Policy

  1. Maintain a policy that addresses information security

How does Member Guardian help achieve PCI Compliance?

If you choose to store credit cards using the Member Guardian system, here's how Member Guardian helps you maintain PCI compliance:

  • Credit card information is encrypted within the MySQL database. Note that this is two-way encryption, meaning that should a hacker attain your program SALT key, they would be able to decrypt the information,
  • Credit card numbers are never visible on the admin control panel or the member control panel.
  • Transmission of credit card information requires an SSL connection.
  • Member Guardian prevents brute-force login attacks by locking out users and administrators after several failed attempts.
  • We provide guides on how to create strong and secure passwords.