
E-Commerce Solutions

Quest E-Commerce Solutions PCI Compliance

12 Principles of PCI DSS

PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The result is a comprehensive standard intended to help organizations protect consumer cardholder data.

Below are the twelve principal requirements of PCI DSS.

Quest Suite™ is a restricted eCommerce solution that allows patrons to pay outstanding fees and fines owed to the library or institution. To process a credit or debit card, the patron must be present and must swipe the card through a card reader attached to the eCommerce station. Because this is card-present processing, card numbers are never keyed in, which removes the manual-entry path and the card-not-present fraud that keyed-in payments expose an institution to.

In addition, the eCommerce solution uses an encrypted transmission protocol to process the payment through your chosen merchant account. Payment transactions are logged to a secure audit file, but only the last four digits of the card number are retained; the audit file serves solely as a cross-reference of payments made to the institution. The modules used to process credit and debit cards are PCI DSS compliant.

Each of the twelve requirements below is addressed with respect to the Quest Suite™ eCommerce solution.

Build and Maintain a Secure Network

1- Install and maintain a firewall configuration to protect cardholder data

Any device on which the eCommerce solution is installed is protected by its own appropriately configured firewall. Because the solution runs inside the institution's network boundary, the institution's perimeter firewall provides a second layer of protection.

2- Do not use vendor-supplied defaults for system passwords and other security parameters

Vendor-installed passwords are deactivated once the system has been installed and tested; passwords specific to the institution are then set.

Protect Cardholder Data

3- Protect stored cardholder data

The only cardholder data retained is the last four digits of the card number, held in a secured database; the full card number is not stored.

4- Encrypt transmission of cardholder data across open, public networks

All transmissions to the credit/debit card clearing house or merchant processing center are sent over an encrypted connection.

Maintain a Vulnerability Management Program

5- Use and regularly update anti-virus software

Anti-virus software is updated on a regular basis, both through the institution's anti-virus procedure and through the device's own anti-virus software.

6- Develop and maintain secure systems and applications

The institution should maintain internal policies and procedures covering secure systems and applications.

Implement Strong Access Control Measures

7- Restrict access to cardholder data by business need-to-know

Cardholder data is available only through the merchant account.

8- Assign a unique ID to each person with computer access

This is accomplished with unique user IDs and passwords on the computers the eCommerce solution runs on.

9- Restrict physical access to cardholder data

Because full card numbers are never retained, there is no stored cardholder data to which physical access could be gained.

Regularly Monitor and Test Networks

10- Track and monitor all access to network resources and cardholder data

The audit file provides a log of every transaction processed; only the last four digits of the card number are retained in it.
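The audit-file behaviour described above, under requirement 3 and requirement 10 and in the introduction (only the last four digits of the card are retained), can be checked mechanically rather than taken on trust. The following is an added example written for this page, not Quest Suite code: it parses a constructed ISO/IEC 7813 track 2 string of the kind a card swipe delivers, builds an audit record that keeps only the last four digits, and scans any log text for Luhn-valid runs of 13 to 19 digits, which is the check a reviewer would run over the audit file to confirm that no full card number leaked into it. The sample track (built around the Visa test number 4111 1111 1111 1111), the field names and the patron identifier are assumptions for illustration.

```python
"""Card-present audit logging that keeps only the last four PAN digits.

Added example, not Quest Suite code. Assumptions: the swipe reader delivers
ISO/IEC 7813 track 2 data as a string; audit records are written as JSON
lines; field names and the patron identifier are made up for illustration.
The sample track is constructed around the Visa test PAN 4111 1111 1111 1111.
"""
import json
import re
from datetime import datetime, timezone

# Constructed track 2: ';' PAN '=' YYMM service-code discretionary-data '?'
SAMPLE_TRACK2 = ";4111111111111111=27121011234567890123?"

TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?$"
)
# Any run of 13 to 19 digits not adjacent to other digits is a PAN candidate.
PAN_CANDIDATE_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: doubles every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(track: str) -> dict:
    """Split a track 2 string into its fields; reject malformed or bad-Luhn swipes."""
    m = TRACK2_RE.match(track)
    if not m:
        raise ValueError("not a well-formed track 2 string")
    pan = m.group("pan")
    if not luhn_valid(pan):
        raise ValueError("PAN fails the Luhn check; misread swipe")
    return {"pan": pan, "expiry": m.group("exp"), "service_code": m.group("svc")}


def audit_record(track: str, patron_id: str, amount_cents: int,
                 auth_code: str, when=None) -> dict:
    """Build the audit entry from a swipe. Only the last four PAN digits survive;
    expiry, service code and discretionary data are dropped before anything is logged."""
    card = parse_track2(track)
    last4 = card["pan"][-4:]
    ts = (when or datetime.now(timezone.utc)).isoformat()
    return {
        "ts": ts,
        "patron_id": patron_id,
        "amount_cents": amount_cents,
        "card_last4": last4,
        "masked_pan": "*" * (len(card["pan"]) - 4) + last4,
        "auth_code": auth_code,  # merchant's reference, used for the cross-check
    }


def audit_line(rec: dict) -> str:
    """Serialise one record as a JSON line for the audit file."""
    return json.dumps(rec, sort_keys=True)


def find_full_pans(text: str) -> list:
    """Return every Luhn-valid 13-19 digit run in text: the check to run over
    the audit file (or any other log) to prove no full card number was retained."""
    return [m.group(0) for m in PAN_CANDIDATE_RE.finditer(text)
            if luhn_valid(m.group(0))]


if __name__ == "__main__":
    rec = audit_record(SAMPLE_TRACK2, "patron-0042", 1250, "A1B2C3",
                       when=datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc))
    line = audit_line(rec)
    print(line)
    print("full PANs in audit line:", find_full_pans(line))
    # A naive logger that echoed the raw swipe would be caught by the same scan:
    print("full PANs in raw track:", find_full_pans(SAMPLE_TRACK2))
```

Run `find_full_pans` over the whole audit file as part of the institution's periodic checks; a non-empty result means something other than the last four digits was written and the file has become in-scope cardholder data.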

11- Regularly test security systems and processes

The institution should conduct security testing in line with its internal policies and procedures.

Maintain an Information Security Policy

12- Maintain a policy that addresses information security

The institution should maintain a policy and procedure manual that addresses information security.
