This is a set of rules and requirements that Webmama Limited has met and satisfied all standards outlined by the PCI Security Standards council to help prevent fraud, hacking, network architecture, software deployment, and other threats to private cardholder data which are protected and free of any vulnerability that may harm your online business. The main objectives of the PCI DSS are as follows:
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
Implement Strong Access Control Measures
- Restrict access to cardholder data b y business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy
- Maintain a policy that addresses information security
You can find and review the complete specification by visiting the URL below.
This guide is intended to help merchants implement the Webmama eCommerce application in a way that is compliant with version the PCI DSS.
Payment Application DSS (PA-DSS)
The Payment Application Data Security Standard was originally created by Visa (as Payment Application Best Practices – PABP) as an aid to software providers to help build secure payment applications. PA-DSS validation proves that an application can be implemented in a way that is compliant with the PCI DSS.
Webmama eCommerce has been designed and certified to meet all of the requirements of the PA-DSS. This does not automatically make you, the merchant, PCI DSS compliant. It is necessary that the recommendations and instructions in this guide are followed.
For additional information about PA-DSS, or to view Webmama eCommerce in the official list of validated applications, please visit the URL below.
PCI Compliance and Validation
The PCI Security Standards Council is not a compliance organisation. They do not require compliance, but individual payment networks may. Visa is one such example. They require you to comply with the PCI DSS, and you must complete some degree of validation based on the annual transaction volume processed. All merchants who handle Visa payments are required to perform at least some level of validation. The URL below directs you to Visa’s Cardholder Information Security Program (CISP) and has complete details and validation procedures.
A qualified security assessor is the only one who can validate your PCI compliance. A current list of assessors is maintained by the PCI and can be found at this URL:
Chief Security Officers performed the PA-DSS certification for Webmama eCommerce. They can be contacted via any one of the following:
Ian Taylor
Director of Security Fulfillment
SecurityMetrics, Inc.
462 East 800 North
Orem, UT 84097
USA
Phone: 1-801-724-9600
Email: |
