Filter
Top Products
Important Security Notice
Simple Explanation: In June 2001, Visa mandated its Cardholder
Information Security Program (CISP). This program is a standard for securing
cardholder data, wherever it is located. Visa states that CISP compliance is
required of all entities that store, process, or transmit Visa cardholder data.
This includes merchants who use PCCharge to process transactions. The
information given in this section explains how CISP may affect your business.
CISP Requirements
In order for you to protect yourself, you must comply with the twelve basic CISP
requirements listed below. These are the most current requirements as of the printing of
this manual, but you should check Visa's website (
http://www.visa.com/cisp) for the most
up-to-date requirements.
1. Install and maintain a working firewall to protect data
2. Keep security patches up-to-date
3. Protect stored data
4. Encrypt data sent across public networks
5. Use and regularly update anti-virus software
6. Restrict access by "need to know"
7. Assign unique ID to each person with computer access
8. Don't use vendor-supplied defaults for passwords and security parameters
9. Track all access to data by unique ID
10. Regularly test security systems and processes
11. Implement and maintain an information security policy
12. Restrict physical access to data
In addition to these requirements, Visa also provides sub-requirements to which merchants
must adhere. It is suggested that you contact Visa or visit their website
(
http://www.visa.com/cisp) to learn more about CISP requirements and compliance.
(
Note: Other card associations, such as MasterCard, Discover, and American
Express, have established programs cardholder security programs as well.
These programs are similar to CISP. You should become familiar with these
other security programs as well.
Merchant Responsibility
WARNING: Although VeriFone, Inc. has designed PCCharge to properly
secure cardholder information according to CISP guidelines, it is ultimately the
merchant’s responsibility to secure the system on which PCCharge resides and
the environment in which it is used.
The following guidelines should be implemented in your payment processing environment.
This information will help you to protect all areas (the network, individual PCs, laptops,
servers, databases, backup data, logs, etc.) that store or transmit cardholder data.
11