Many small businesses allow customers to pay by credit card and so may be asked to install Sysnet Protect by Barclaycard. But if you already have a grown-up approach to IT security and support, you are likely to have a suitable security platform in place. In this case Sysnet Protect is not only surplus to requirements but could cause you problems by conflicting with the functions of existing security tools.
We have discussed this with Barclaycard Security advisors, who have confirmed that Sysnet Protect is entirely optional and is not required in order for you to maintain PCI compliance.
What you must do to maintain PCI compliance.
Of course there are things that you should be doing already to maintain this compliance. A quick scan of the Barclaycard guidance – which you should have read – reveals some key points to consider. In order to maintain PCI compliance you must:
Build and maintain a secure network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
3. Protect stored data (use encryption)
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement strong access control measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security
Need PCI Compliance Support?
We recommend you review this list, and if you need to ensure your obligations are being met, talk to us.
NOTE: This information was extracted from the Barclaycard Data Security Manager FAQ