Copyright © 1984-present
Windward Software Systems Inc.
All Rights Reserved.
Windward Software Inc
The Payment Card Industry (PCI) has developed security standards for handling cardholder information, published as the PCI Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data. The PCI DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed or transmitted.
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security
System Five uses AES-256 encryption.
The PCI DSS requires that access to all systems in the payment processing environment be protected through the use of unique user accounts and complex passwords. A unique user account is one associated with an individual user and/or process, with no generic group accounts shared by more than one user or process. Additionally, any default accounts provided with operating systems, databases and/or devices should be removed, disabled or renamed where possible, or at least should have PCI DSS compliant complex passwords and should not be used. Examples of default administrator accounts include “administrator” (Windows systems), “sa” (SQL/MSDE), and “root” (UNIX/Linux).
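One way to check a Windows machine against the account rules above. This is an added example, not Windward's code or part of the original page. The function name, the generic-name patterns and the 90-day "in use" window are assumptions to tune per site. It identifies the built-in administrator by its SID (ending in -500), so the account is found even after it has been renamed.

```powershell
# Added example (not System Five code). Windows PowerShell 5.1+; run elevated on each
# workstation or server in the payment processing environment.
function Get-LocalAccountFinding {
    [CmdletBinding()]
    param(
        # Assumption: name patterns that suggest a shared or generic account.
        [string[]]$GenericPattern = @('admin*', 'user*', 'pos*', 'till*', 'cashier*', 'shared*'),
        # Assumption: a logon within this many days counts as the account being "used".
        [int]$RecentDays = 90
    )
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    foreach ($u in Get-LocalUser) {
        if (-not $u.Enabled) { continue }   # disabled accounts already satisfy the rule

        # The built-in administrator keeps RID 500 even when it is renamed.
        $isBuiltinAdmin = $u.SID.Value -like 'S-1-5-21-*-500'
        $notes = @()

        if ($isBuiltinAdmin) {
            if ($u.Name -eq 'Administrator') {
                $notes += 'built-in administrator is enabled under its default name'
            }
            if ($u.LastLogon -and $u.LastLogon -gt $cutoff) {
                $notes += "built-in administrator was used on $($u.LastLogon)"
            }
        }
        elseif ($GenericPattern | Where-Object { $u.Name -like $_ }) {
            $notes += 'name suggests a generic or shared account; confirm it maps to one person or process'
        }

        if (-not $u.PasswordRequired) {
            $notes += 'PasswordRequired is False, so the account may have a blank password'
        }

        # Emit one row per finding so results can be filtered or exported.
        foreach ($n in $notes) {
            [pscustomobject]@{ Account = $u.Name; SID = $u.SID.Value; Finding = $n }
        }
    }
}

Get-LocalAccountFinding | Format-Table -AutoSize -Wrap
```

The name-pattern match only marks accounts for review. Whether an account is actually shared has to be confirmed against the list of people and processes that use it.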
The PCI standard requires the following password complexity for compliance (often referred to as using “strong passwords”):
Administrator sessions idle for more than 15 minutes should require re-entry of username and password to reactivate the session.

Note: System Five can automatically log out all users after 5 minutes of inactivity.