Application security and Payment Card Industry (PCI) compliance are topics of enormous interest to many Peachtree Solutions clients. Our guidance saves them money and helps them manage risk.
2 Places At 1 Time
Service - and Security - With a Smile
2 Places At 1 Time is a leading corporate concierge service. One of the keys to the company’s success is an efficient request fulfillment process that stores sensitive personal and financial information.
Obviously, this data must be secure. And today, companies taking credit cards online must “prove” their data security compliance by meeting the Payment Card Industry (PCI) Data Security Council’s 70+ pages of requirements.
PCI compliance means clearing a fair number of hurdles, many of which our client had already cleared. For example, data access must be restricted to authorized individuals, and the network and hosting facility must meet the strictest security standards. But the company also had to complete a 50-page self-assessment questionnaire and pass network vulnerability scanning by an accredited third-party scanning provider.
We helped 2 Places At 1 Time wade through the complicated requirements and self-assessment process, and make the architectural and infrastructure changes necessary to meet the vulnerability scanning requirements. All of this for a price that didn’t break the bank.
Fisheye Connect
Nothing Fishy About PCI Credit Card Security
Fisheye Connect had a great concept: a dynamic, easy-to-use eCommerce site to connect photography students with photography workshops nationwide. Naturally, the business runs on its ability to process online credit card payments — thousands of them — securely. With all of this sensitive data going through the company’s server, Payment Card Industry (PCI) compliance was an absolute must, both to mitigate risk and reduce liability for the client, and to give website users confidence that their credit card data is being handled properly.
To meet the PCI Security Standards Council’s 70+ pages of requirements, Peachtree Solutions built the entire Fisheye Connect application with PCI compliance in mind. For starters, the software was designed to accommodate rigorous password and audit requirements, and meet strict standards for how credit card numbers are transported through the system. Account access is controlled, recorded and monitored.