While Avactis is an integral part of the chain in obtaining PCI compliance, it must be deployed in a PCI-compliant hosting environment.
If your current hosting service is not PCI-compliant, we recommend changing your hosting or choosing our own Avactis Shopping Cart hosting.
There are 6 steps in the PCI compliance security standards:
|PCI Data Security Standard||Requirement||Avactis Solution|
|Step - 1: Build and Maintain a Secure Network|| ||Avactis hosting servers run time-proven software: CentOS, Plesk, Advanced Policy Firewall, Rootkit Hunter. Server status is constantly monitored, and all servers undergo regular security checks.|
|Step - 2: Protect Cardholder Data|| ||Cardholder and card data stored in the database is encrypted with the RSA algorithm. The private key is located only on the store administrator's local computer. Cardholder and card data collected during checkout is encrypted with the Blowfish algorithm. The secret key is passed only over an HTTPS-encrypted connection.|
|Step - 3: Maintain a Vulnerability Management Program|| ||All software installed on our hosting servers is updated in a timely manner. Security fixes are installed immediately.|
|Step - 4: Implement Strong Access Control Measures|| ||To view credit card data, the store administrator has to upload the private key from the administrator's local computer. After the key is uploaded, the data is decrypted and displayed, and the key is instantly deleted. All these operations are performed over an HTTPS connection to make data interception impossible.|
|Step - 5: Regularly Monitor and Test Networks|| ||All cardholder data decryption operations are logged. The store administrator can see a report of card data views at any time.|
|Step - 6: Maintain an Information Security Policy|| ||Internal information security policy for employees and contractors.|
Avactis Compliance With PCI
Cardholder data protection in Avactis is provided for both offline and online payment methods.
If order processing is carried out online, double protection is possible. In addition to the Blowfish or RSA encryption, data can also be protected with certificate-based encryption during transmission over networks, as Avactis supports SSL certificates of all types.
For more information on PCI compliance, please visit the PCI Security Standards Council website.