FTP Today provides every possible control for you to securely safeguard cardholder information in compliance with PCI DSS security standards.
The Payment Card Industry Data Security Standard is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. The latest version specifies 12 requirements for compliance, organized into six logically related groups, which are called “control objectives”.
| Control Objectives | PCI DSS Requirements | FTP Today’s Practice |
|---|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect cardholder data | FTP Today maintains a secure firewall at the perimeter of its network. |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters | FTP Today never uses default system passwords. |
| Protect Cardholder Data | 3. Protect stored cardholder data | FTP Today recommends that you pre-encrypt cardholder data prior to uploading files to our server. However, should you prefer an automated server-side encrypted storage mechanism, we offer that option. |
| | 4. Encrypt transmission of cardholder data across open, public networks | Encrypted protocols are included with all FTP Today subscriptions. Administrators control the enforced use of encrypted transmission. |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software on all systems commonly affected by malware | FTP Today’s office systems, such as Windows desktops, are configured with regularly updated anti-virus software. |
| | 6. Develop and maintain secure systems and applications | See Security for details. |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need-to-know | FTP Today has no knowledge of your business and the type of data you transmit through our service. |
| | 8. Assign a unique ID to each person with computer access | Your FTP Today subscription allows you to assign a unique login ID to each person. |
| | 9. Restrict physical access to cardholder data | FTP Today operates within a high-security data center that requires biometric + card + PIN for physical access. FTP Today servers are within locked cabinetry on the data center floor. |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data | FTP Today logs all historical access activity and makes those detailed logs available to you at all times. |
| | 11. Regularly test security systems and processes | See Security for details. |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security | See Security for details. |