iClassPro recognizes the importance of data security to protect our merchants and their customers. In accordance with the PCI DSS (Payment Card Industry Data Security Standard), iClassPro Payment Services is a Level 1 PCI Compliant Service Provider.
Compliance for Merchants:
Although iClassPro securely processes and stores card data for you, you will still need to complete PCI’s annual Self-Assessment Questionnaire (SAQ). You can find the SAQ and instructions on the PCI website at www.pcisecuritystandards.org.
Below are examples of the items a merchant compliance assessment will check for:
- The use of an up-to-date firewall between any public network (like free Wi-Fi) and the systems that transmit cardholder data over it or over a related network.
- Any cardholder data stored on file must be protected with a strong encryption system.
- The transmission of cardholder data between your business and your processor must be protected with strong encryption.
- Antivirus software must be installed and kept up to date on all machines dealing with cardholder data. Regular visual inspections of these machines for unwanted devices are also recommended.
- Vendor-supplied passwords that come with network equipment or hardware devices used in payment processing must be replaced with new passwords after receipt.
- Vendor-supplied security patches for hardware and software devices must be kept up to date.
- Each user accessing or processing cardholder data should be supplied with unique identification so that they can be held accountable for their own actions in cardholder systems.
- Physical access to terminals, computers or other hardware with access to the cardholder information or processing systems should be restricted and access should be actively monitored.
- All employees should be informed and updated on any and all security policies dealing with cardholder transactions.