The answer is YES, our Bankcard Pros CRM is compliant and certified, even though our CRM software does not store credit card data! Since partnering with Trust Guard (http://www.trust-guard.com), our CRM software is scanned on a monthly basis for over 42,000 known vulnerabilities, which helps to protect our CRM software from hackers, Trojans, worms and viruses.
We highly recommend that our customers contact Trust Guard, subscribe to their services, and have their CRM site scanned on a monthly basis to ensure the CRM is secure, especially if you host your CRM yourself. Although our CRM software is compliant and certified, we do not guarantee anything and are not responsible for any unauthorized access or loss of your data. Their service is around $25.00 and up to $45.00 depending on how frequently you want your CRM site scanned.
Statistically there's a huge chance (over 80%) that any site is currently vulnerable to worms, Trojans and hackers! That's why merchant banks and credit card companies are pushing so hard for PCI compliance. A PCI compliance scan and certification will make your merchant bank happy, but what's more important is that it could save you from losing your business, and tens of thousands of dollars in fines and penalties, should a breach ever occur.
We also add hundreds of new vulnerabilities every month to ensure that your site is always up to date with the latest protective measures.
For most people, the world of PCI (Payment Card Industry) is very complicated, frustrating, and extremely boring. So, in an effort to help you keep your sanity, I've put together the following information for every online business owner who has been told that they need PCI Scanning or PCI Compliance for their website, but never gets a straight answer as to what it is, why they need it, what to do about it, or how to get it. My goal here is to simplify PCI for you so that you can make a clear, educated decision and weigh your options on your terms. You won't find any other resource like this online, so be sure to bookmark it so you can easily access it again. I should also mention that while we go to great lengths to provide you with information that is as accurate as possible, we don't make the rules, laws and/or regulations that govern PCI, and the information below may change at any time. So, if your bank or acquirer (that's one of those ambiguous words I'll define for you below) tells you something different than what is stated below, we recommend you follow their instructions. This document is for information purposes only. For the official 'migraine-inducing' documentation, go to www.pcisecuritystandards.org.