PCI Compliance

PCI Compliance in Fulfillment Services

Credit card fraud and data theft aren’t new concepts for online vendors. It seems like even as eRetailers get more savvy at protecting themselves, information thieves get a little bit sneakier and a lot smarter.

Because personal and credit card data can be used in incredibly damaging ways when in the wrong hands, all of our fulfillment vendors are required to adhere to PCI Security Standards Council requirements.

This way we can do everything possible to protect ourselves, our merchants and their customers from being part of this unwanted and nefarious activity.

PCI Compliance Requirements That Affect Your Company

The Payment Card Industry Security Standards Council is in charge of administering data security programs meant to protect credit card information. These originate from five major credit card companies, including:

Visa’s Cardholder Information Security Program
MasterCard’s Site Data Protection
Discover’s Information Security and Compliance

The PCI Data Security Standard (PCI DSS) applies to all companies that accept credit and debit cards as payment methods. It doesn’t matter if your company stores that data or not, you’re expected to achieve and maintain PCI DSS compliance.

PCI & Your 3PL

These are just a few ways PCI DSS is applied here at ShipWizard:

All transmissions of cardholder data across open public networks are encrypted. That means that, for example, transmitting shopping cart information to our warehouse management system (WMS) has to be done securely.Every fulfillment order file from our clients are protected with encryption.
Logs of anyone who has looked at the data in question, along with all employees who would have access to it, are generated with granular detail. Because so many data breaches originate with employees, it’s vital that we know who has been accessing data in our facilities.Our security logs are PCI DSS compliant and every one of our employees has had a background check.
Cardholder data is closely restricted. Not only is data tightly encrypted in our WMS, it’s regularly purged and each user that has accessed this secure data is recorded on an access log that can be reviewed if there is any suspicious activity.

It’s good to know that your 3PL has invested in the technology needed to keep everyone’s data safe.

PCI DSS Mandated Requirements

In order to continue to maintain our PCI DSS-compliant status, we have a lot of rules to follow and plenty of steps we have to continually review in order to give your data the care it really needs.

These may seem like a lot of bureaucratic headaches, but the truth is that each of the PCI DSS requirements are meant to increase data security and protect your customers.

The PCI DSS requirements that ShipWizard are held to are listed below:

Install and maintain a firewall configuration to protect cardholder data
Avoid vendor-supplied defaults for system passwords and other security parameters
Protect stored data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update anti-virus software
Develop and maintain secure systems and applications
Restrict access to cardholder data
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Track and monitor all access to network resources and cardholder data
Test security systems and processes regularly
Maintain a policy that addresses information security

Reducing your losses to credit card fraud, as well as protecting your customers’ data, are why we work so hard to maintain our end of PCI DSS compliance. Even though your shoppers will never know how much you’re doing for them behind the curtain, they will know that they can trust you with their credit card information. That means a lot in a world where it seems like data breaches have become the norm.