Credit card and personal data security is a topic that’s constantly in the news these days, and you may have heard or read about PCI Data Security Standards or PCI Compliance for businesses that handle these sensitive types of information. Senior Systems takes data security very seriously, and this article provides some background to explain what exactly is meant by PCI Compliance and how it relates to the Senior Systems suite of software products. PCI Compliance at Senior Systems Part 2 will go into more detail about what we’ve been doing recently here at Senior Systems to become certified as PCI Compliant, and what that means to your school.
The acronym PCI stands for “Payment Card Industry” and the PCI Data Security Standards are an industry-wide set of rules and best practices that are meant to ensure the privacy and security of financial transaction details, such as account number or credit card number, cardholder name and address, expiration date, and security code. By extension, there are other related items of sensitive personal data, such as Social Security Numbers, PINs, and passwords, that must also be secured in order to protect the financial data.
Companies can be certified as being PCI Compliant if they meet the appropriate data security standards for the type of business they conduct. Banks, credit card companies, and merchant account providers (who must store all details of financial transactions) have the most stringent security requirements. Businesses that collect and transmit financial transaction data but do not store it are considered “service providers.” Senior Systems falls into the service provider category, since our software applications simply transmit financial transaction details to the merchant account providers who then process them. With the release of Ascendance version 92_4, a few small changes were made to all of the Ascendance and My BackPack applications, to ensure that our software does not store any unnecessary details about financial transactions.
PCI Compliance, however, goes well beyond just protection and storage policies for financial transaction details—it also involves network security, access control, company policies and procedures, and most importantly, plans for continued monitoring and testing of the network, in order to quickly detect and address emerging threats. To make sure that we are properly addressing all 6 categories of PCI Data Security Standards (shown below), Senior Systems has engaged the services of Dell SecureWorks, a leading national PCI Compliance service provider, to assess, advise, and monitor our systems.