Importance of PCI compliance

Any organization that is involved in any way with payment card transactions must ensure that it is compliant with the Payment Card Industry Data Security Standard.

Although every merchant has different requirements when it comes to PCI compliance, the standards extend to any business that handles, maintains or transmits payment cards and associated sensitive customer information. These guidelines were implemented to create a secure environment for electronic payments, and must be adhered to not only for data protection, but to inspire customer trust.

Benefits of PCI compliance
While some may grumble at the requirements included in PCI compliance, organizations that have implemented the guidelines have realized the many benefits that compliance can provide. Compliant companies build a trustworthy reputation, and customers will be more confident in doing business with them. In addition, these customers will recommend these brands to other consumers, boosting a business's client base and revenue streams, noted the PCI Security Standards Council.

Furthermore, these standards lower the risk of an organization becoming a victim of a data breach. These instances can be embarrassing and costly for an establishment, as each incident can result in fines as high as $500,000. Therefore, it is in a company's best interest to follow PCI rules, as those that do stand a much better chance of withstanding a data breach.

How to become PCI compliant
The first step in becoming a PCI compliant organization is for administrators to investigate the requirements in place for their business. Standards can vary depending on what payment card content is dealt with, so it is in decision makers' best interest to do their homework.

The Better Business Bureau also advised implementing encryption of cardholder data in transmission. This can be achieved using an SSL certificate, which provides the optimum level of website security. In this way, transactions completed over online portals have the best-in-class protection against threats.

SSL certificates can offer a high level of website security when it comes to payment card information, but should be part of a layered protection strategy. BBB also recommends utilizing and maintaining updated firewalls and monitoring systems to oversee the network. In addition, businesses should have a strategy in place to restrict access to payment card information. Every employee with permission to view this data should have unique login credentials to allow for better information management. Passwords should be a mix of characters and changed frequently for the best security. Once all protection components are in place, these systems should be regularly tested to ensure that they function correctly.

There are several practices that PCI compliant organizations must avoid for improved protection as well. BBB stated that payment card data like the number, expiration date, and CVV or CVC code should not be stored after the information is authorized. This data should never be stored in plain text on any endpoint, and always be encrypted. Furthermore, encryption keys should be heavily guarded and not maintained in multiple places beyond the original and a backup stored with the service provider.

When an organization has been identified as compliant with these standards, administrators should create a security policy that encompasses these requirements.
