Application security and Payment Card Industry (PCI) compliance are topics of enormous interest to many Peachtree Solutions clients. Our guidance saves them money and helps them manage risk.
2 Places at 1 Time
Service - and Security - With a Smile2 Places At 1 Time is a leading corporate concierge service. One of the keys to the company’s success is an efficient request fulfillment process that stores sensitive personal and financial information.
Obviously, this data must be secure. And today, companies taking credit cards online must “prove” their data security compliance by meeting the Payment Card Industry (PCI) Data Security Council’s 70+ pages of requirements.
PCI compliance requires a fair number of hurdles, many of which our client already met. For example, data access must be restricted to authorized individuals, and the network and hosting facility must meet the strictest security standards. But the company also had to complete a 50-page self-assessment questionnaire and pass network vulnerability scanning by an accredited third-party scanning provider.
We helped 2 Places At 1 Time wade through the complicated requirements and self-assessment process, and make the architectural and infrastructure changes necessary to meet the vulnerability scanning requirements. All of this for a price that didn’t break the bank.
Christian Copyright Solutions
Credit Cards? PCI Compliance? No Problem!
Like many businesses, Christian Copyright Solutions accepts credit cards for payment online. This means the company’s website must be compliant with the Payment Card Industry (PCI) Standards Council’s strict requirements.
Becoming PCI compliant isn’t easy. The PCI Data Security Standards cover 70 pages, and include rigorous requirements for passwords, account access and data handling. Quarterly vulnerability scanning and reporting is required, as well as a 50-page self-assessment questionnaire. Plus, the network and servers must meet PCI security and firewall requirements, and the hosting facility must pass stringent tests.
While this comprehensive compliance process can be daunting, with Peachtree Solutions help, the process went quickly for Christian Copyright Solutions. Because we built the company’s applications and host its site at a Tier One facility, all the requirements were already met. We managed the compliance paperwork from beginning to end, and the process was a breeze.
Fisheye Connect
Nothing Fishy About PCI Credit Card SecurityFisheye Connect had a great concept: a dynamic, easy-to-use eCommerce site to connect photography students with photography workshops nationwide. Naturally, the business runs on its ability to process online credit card payments — thousands of them — securely. With all of this sensitive data going through the company’s server, Payment Card Industry (PCI) compliance was an absolute must, both to mitigate risk and reduce liability for the client, and to give website users confidence that their credit card data is being handled properly.
To meet the PCI Security Standards Council’s 70+ pages of requirements, Peachtree Solutions built the entire Fisheye Connect application with PCI compliance in mind. For starters, the software was designed to accommodate rigorous password and audit requirements, and meet strict standards for how credit card numbers are transported through the system. Account access is controlled, recorded and monitored.
