What is PCI Compliance?

The major credit card issuers created PCI (Payment Card Industry) compliance standards to ensure that all companies that process, store or transmit credit card information maintain a secure environment. This set of requirements is called the Payment Card Industry Data Security Standard (PCI DSS). All merchants (any entity that accepts payment cards from American Express, Discover, JCB, MasterCard or Visa as payment for goods and/or services) must comply with these standards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards. The payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

The Payment Card Industry Security Standards Council (PCI SSC) manages the PCI security standards.

For merchants, adherence to the PCI standard means they must:

Build and Maintain a Secure Network
Protect Cardholder Data
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy

Auric Systems International has created a companion web site (www.PCIstandard.com) containing in-depth PCI information for our merchants.

Auric builds payment card transaction software designed for use in PCI compliant enterprises. Security is an on-going process, and Auric continues to improve our full compliance with Visa's Payment Application Best Practices guidelines which are derived from the PCI standard. Auric continues to provide software security features and information to support our merchant's ability to comply with PCI requirements.

The current Payment Application Best Practices documentation for Trevance, CreditNow! and CN!Express are available for immediate download.

The goal of the Visa Payment Application Best Practices (PABP) program is to guide developers in the creation of secure applications.

Secure application development follows Payment Application Best Practices, including:

Do not retain full magnetic stripe or CVV2 data
Protect stored data
Provide secure password features
Log application activity
Protect wireless transmissions
Test applications to address vulnerabilities
Implement secure network communication
Never store cardholder data on a server connected to the Internet
Facilitate secure remote software updates
Facilitate secure remote access to application
Encrypt all non-console administrative access
Encrypt sensitive traffic over public networks

Free PCI Compliance Scans

Auric has partnered with McAfee Secure® to provide our merchants with one full year of FREE PCI scans. Our partnership provides significant discounts on additional McAfee Secure® services.

This is a full service PCI compliance program—from the world's largest web site security certification company. Use McAfee Secure® tutorials, self-assessment "Wizard" and unlimited technical support to successfully complete the program within a few hours of enrollment.

This $149 per year program is available FREE when you sign-up with McAfee Secure® from the Auric web site. (Years 2 thru 4 are available for $19.00/year).

We already use the McAfee Secure® PCI Web compliance service on several of our web sites and can attest to the comprehensive utility of this service.

Custom Solutions to assist with your PCI requirements

603-924-0280