PCI Compliance

PCI Compliance 2017-07-20T20:07:59+00:00

It’s no secret that online vendors are susceptible to credit card fraud, so credit card companies have long sought ways to curtail it. All fulfillment vendors are required to adhere to the requirements set by the PCI Security Standards Council, without exception.

We adhere to PCI Compliance and follow the PCI security compliance requirements specified by the Payment Card Industry Program. These are a set of procedures designed to ensure financial data security and minimize credit card fraud in online transactions.

Transmission of cardholder data across open public networks, such as from a shopping cart to our Warehouse Management System (WMS), must be encrypted. We ensure this PCI compliance by insisting that this data be encrypted in the fulfillment order files our clients send us daily from their shopping carts or internal applications.

PCI Compliance also stipulates that merchants maintain a detailed log of who has access to that data and who has looked at it. This becomes crystal clear when you consider that many merchant compromises are not limited to hackers, but also stem from employees. We maintain a security data access log as part of our PCI security compliance, and we go further by performing background tests on our employees.

We also restrict access to cardholder data as part of our PCI compliance. The data is encrypted in our WMS. The data is purged, and each user’s access to the secure data is recorded.

We realize this is a lot of technical detail – yet another benefit for you in using a fulfillment partner such as us! We handle this and so much more so you don’t have to.

PCI security compliance requirements

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored data
  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update anti-virus software
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security

Losses due to fraudulent payments are greatly diminished with the use of PCI compliance, and your consumers are happy and confident knowing we provide the security they seek when placing fulfillment orders online.

PCI compliance at Global Response

  • Our WMS was audited by a PCI Approved Vendor and is Payment Application Data Security Standard (PA DSS) compliant
  • Complete encryption of sensitive card data (AES 256 encryption methodology)
  • Data cannot be decrypted outside of your individual licensed WMS
  • Encryption key is unique to our WMS
  • Ability to change encryption key to re-encrypt credit card data at least once every 12 months or after terminations
  • Purging of credit card numbers on completed orders, with the option to specify the number of days between purges
  • Ability to view and audit all card processing activity
  • Log functions keep a record of user activity with option to view, truncate, and restore log

eCommerce Fulfillment

We are committed to you and your business.

Remember, as your eCommerce Fulfillment Services partner, we are here for you – and your customers – at every step of the way.
