PCI Compliance
PCI compliance is important to every online retailer. To help keep you and your customers protected, below is important information on how to implement SunShop to meet today's strict PCI security standards.
What is PCI Compliance?
The Payment Card Industry (PCI) oversees the network security and business practice guidelines adopted by Visa, MasterCard, American Express, Discover Card, and JCB. These important guidelines are known as the PCI Data Security Standards (DSS), and establish the "minimum security standards" required of merchants who accept credit card payments. The purpose of these standards is to protect consumers' payment card information.
All merchants that store, transmit, or process payment card information must remain in full compliance with PCI DSS. Below are the 12 requirements that must be met to be considered PCI DSS compliant:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software.

Requirement 6: Develop and maintain secure systems and applications.

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know.

Requirement 8: Assign a unique ID to each person with computer access.

Requirement 9: Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security.

Configuring SunShop to meet PCI DSS
To configure your SunShop shopping cart in compliance with PCI DSS, please follow these three important steps:
1. Always use a secure connection when transmitting cardholder data to your payment gateway for processing.
2. Do not use the "Store Card Details" function within the Credit Card module when working within a production environment (live site). If this feature is enabled within a live site, the credit card data will be stored in the database, creating further requirements for PCI compliance.
3. Consider using a PCI-compliant scan service.
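The following script is an added example, not part of the SunShop documentation or product code. It turns steps 1 and 2 into two checks a merchant can run themselves: a gateway URL and TLS settings check for step 1 (the gateway URL and hostname are assumed placeholders), and a scan of database rows for card numbers that would indicate the "Store Card Details" behaviour described in step 2 has left cardholder data in the database. The sample rows are constructed for the example; the one card number they contain is the widely used 4111 1111 1111 1111 test number, not a real account.

```python
"""Two defender-side checks for the SunShop PCI steps above (added example)."""
import re
import ssl
from urllib.parse import urlparse

# ---- Step 1: cardholder data must only travel to the gateway over TLS ----

def gateway_url_is_secure(url: str) -> bool:
    """Return True only if the configured gateway endpoint is an https:// URL.

    A plain http:// endpoint would send the card number in cleartext and
    violates Requirement 4 (encrypt transmission over open networks).
    """
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.hostname)


def tls_context_for_gateway() -> ssl.SSLContext:
    """Build an SSLContext that verifies the gateway certificate and hostname
    and refuses anything older than TLS 1.2 (PCI DSS retired early TLS/SSL)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def tls_settings_ok(ctx: ssl.SSLContext) -> bool:
    """True if the context enforces certificate verification and TLS >= 1.2."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


# ---- Step 2: no card numbers may be at rest in the shop database ----

def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; every real payment card number passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list[str]:
    """Return candidate card numbers (digits only) found in free text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """Show at most first six and last four digits, as PCI DSS permits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_rows(rows: list[dict]) -> list[tuple]:
    """Scan exported table rows; report (row id, column, masked PAN) findings.

    In a real deployment the rows would come from a SELECT over the order,
    customer and notes tables; here they are constructed sample data.
    """
    findings = []
    for row in rows:
        for column, value in row.items():
            if isinstance(value, str):
                for pan in find_pans(value):
                    findings.append((row["id"], column, mask_pan(pan)))
    return findings


# Constructed sample rows: one order reference, one phone number, one
# non-Luhn tracking number and one stored test card number.
CONSTRUCTED_ROWS = [
    {"id": 1, "order_ref": "ORD-1000123456", "notes": "Call customer at 555-0100"},
    {"id": 2, "order_ref": "ORD-1000123457", "notes": "card on file 4111 1111 1111 1111"},
    {"id": 3, "order_ref": "ORD-1000123458", "notes": "tracking 1234567890123456"},
]

if __name__ == "__main__":
    # Assumed placeholder gateway URL, not a real SunShop setting.
    print("gateway url ok:", gateway_url_is_secure("https://gateway.example.com/api"))
    print("tls settings ok:", tls_settings_ok(tls_context_for_gateway()))
    for finding in scan_rows(CONSTRUCTED_ROWS):
        print("stored card data found:", finding)
```

Only the row whose note holds a Luhn-valid number is reported; the order reference is too short and the tracking number fails the mod-10 check, which keeps the scan from flagging every long digit string. A hit from this scan means the store is holding cardholder data and the full Requirement 3 controls apply until it is purged.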
Please note that while your SunShop ecommerce software is an integral part of the chain of obtaining PCI compliance, it is necessary to implement SunShop in a PCI-compliant hosting environment. Our recommendations are meant to help you configure SunShop to meet the PCI DSS. For more information on PCI compliance, please visit the PCI Security Standards Council website at https://www.pcisecuritystandards.org/.