Data privacy and security are paramount in building trust with clients. When it comes to a security framework for protecting confidential information such as credit card and debit card details, Payment Card Industry (PCI) compliance is the globally accepted standard. The PCI Data Security Standard (DSS) is a collection of technical and documentation requirements that protects and secures payment card data.
Regulations followed by PCI Compliant Companies
PCI DSS regulations are designed to securely protect identifying information on payment cards, such as names of cardholders, verification PINs, expiration dates, and account numbers. The PCI DSS is a set of technical requirements that protect and secure payment card data. Being PCI compliant means that the company’s systems and IT infrastructure are up to date to ensure that the cardholder data collected from customers is secure.
Compliance and Certification with International Standards
Over the years, Eastvantage has always taken steps to follow data privacy and security guidelines to be compliant with international standards. As of 2020, Eastvantage is officially GDPR compliant, PCI-DSS compliant, and is currently undertaking steps towards ISO 27001 certification. With a dedicated Data Protection Officer keeping things in check and taking steps toward acquiring certifications, and an IT team to implement data and security updates as necessary, Eastvantage maintains its compliance with global data privacy and security standards.
Technical Requirements in Protecting Client Data
The majority of the items that need to be accomplished for PCI certification fall under IT. Eastvantage’s IT team upgraded its infrastructure in order to comply with the PCI DSS requirements.
Firewalls enabled on all systems
- With firewalls enabled, Eastvantage’s systems are protected from unauthorized access, cyber attackers, and malicious or unnecessary network traffic.
Proper password protections in place
- Eastvantage keeps a list of all devices and software which require a password. In addition to a device/password inventory, basic precautions and configurations are also enabled (e.g., changing the password, strong password policy).
Antivirus software enabled on all systems
- Eastvantage has anti-virus software installed on all devices that interact with and/or store cardholder data. This is and will be regularly patched and updated.
Properly updated software
- Eastvantage will update its firewalls and antivirus software on a regular basis. These updates are especially required for all software devices that interact with or store cardholder data.
Access logs in place
- All activities dealing with cardholder data and primary account numbers (PAN) will require a log entry. Software products to log access are also enabled to ensure accuracy.
Document policies
- Eastvantage keeps an inventory of equipment, software, and employees that have access to cardholder data. How information flows into our systems, where it is stored, and how it is used after the point of sale are documented and updated regularly.
Scan and test for vulnerabilities
- Vulnerability scanning is an inspection of the potential points of exploit on a computer or network, to identify security holes. Eastvantage will conduct a vulnerability scan at least quarterly to detect and classify our system’s vulnerabilities in computers and networks. With this, the vulnerabilities detected will be patched accordingly.
Restricted physical access
- All cardholder data and other documents with sensitive information are stored in a secure area. There are designated lockable cabinets for each team/department.
Encryption of data
- Eastvantage protects cardholder data and other sensitive information by enabling data encryption, which is one of the most effective data security methods used by organizations.
As a PCI DSS certified company, Eastvantage’s top priority is to maintain this compliance and regularly check on the security measures in place until the renewal of the certification in the following years.
Eastvantage provides expert solutions for your outsourcing needs. We are ready to take on challenges while providing our clients with the utmost security in handling the most sensitive information – electronic payments. Contact Eastvantage today and let us help you find the best outsourcing solution for your business.