As of early this morning the equipment that runs Merchant’s Mirror is officially PCI-Compliant according to McAfee Secure, one of the world’s largest PCI Approved Scanning Vendors.

Why is this important? In 2005 the credit card issuers (Visa, MasterCard, American Express, Discover) all banded together to get businesses that charged credit cards to adhere to some very basic rules for security.  The rules are mostly common sense.  Things like you must have a firewall, you must maintain appropriate software patches to your server equipment, and you should never store credit card information.  As of today still less than half of all businesses on the Internet are PCI compliant.

McAfee Secure provides a top-of-the-line PCI Compliance scanning service that goes through your web site and performs hack attempts, denial of service attempts, and identification routines all in an effort to simulate a hacker’s attempt to gain access to your equipment.¬† They then report to you any and all vulnerabilities, even if they aren’t really a significant threat, for you to address.¬† In order to be considered “compliant” you must have no current vulnerabilities shown.

These scans will be done at regular intervals throughout the next year to insure that we maintain our compliance.  This helps us as we maintain credit card industry requirements and it helps you feel confident that we are providing an appropriate level security for your data at all times.

For more on PCI Compliance please visit the PCI Security Standards Council web site by clicking here.

This entry was posted on Saturday, December 20th, 2008 at 2:00 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.