PCI Compliance

Security of your customers’ personal information and credit card data is our number one priority at Smith Consulting, and our products are built to be fully PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. The standard applies to anyone who accepts credit or debit card transactions and requires you to successfully complete and file an annual assessment of your ability to safeguard card data. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB).

Most software vendors and processors take a hands-off approach to the whole assessment process, sending you to a third party provider. Smith Consulting has modified every application that processes, stores, or transmits credit card numbers to become PCI compliant. We have implemented PCI standards regarding secure storage of data, strong access control, and other requirements.

  • Our licensed PCI compliant technology gives you peace of mind that you are protecting your customers’ personal information.
  • Credit Card Encryption – All our ecommerce products store credit card numbers in the database using RSA 256 bit encryption, which is an encryption method approved by PCI.
  • Card Security Code – The CVV/CID on the back of a credit card is collected from the user and sent to the payment gateway for authorization but is never stored in the database.
  • SSL – All our products fully support SSL.
  • Hack Proof – Our products have undergone rigorous testing and validation for SQL injection and cross site scripting to prevent unauthorized access to the database.
  • Sensitive customer data such as passwords is encrypted using 256 bit encryption.
  • Our applications are programmed to prevent cross site scripting and SQL injection attacks.

The following are PCI requirements that are specific to your installation and need to be followed in order for you to be PCI compliant:

  • In the connection string in your web.config file, use SQL Server integrated security instead of mixed-mode (SQL Server login) authentication. Integrated security is more secure.
  • Make sure permissions on SQL Server are locked down to the minimum required by your application.
  • Never use the SQL Server sa password.
  • The rest of the PCI requirements are related to network, Windows and SQL Server configuration and lockdown, and other physical security requirements.
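To make the first three items on the installation checklist concrete, here is an added example (not Smith Consulting's code, and not part of any of their products) that parses the connection strings in an ASP.NET web.config and flags the settings the checklist warns against: a SQL Server login instead of integrated security, the sa account, and a clear-text password in the file. It also flags a connection string that does not request an encrypted connection with the SqlClient `Encrypt=True` keyword; that check goes beyond the checklist above and is the author's addition. The web.config content is constructed for the example, with one string that violates the checklist next to one that follows it.

```python
"""Audit web.config connection strings against a PCI-style checklist.

Added example, not code from Smith Consulting. The web.config below is
constructed for illustration: "StoreWeak" uses a SQL Server login as sa
with an embedded password; "StoreOk" uses integrated security.
"""
import xml.etree.ElementTree as ET

# Constructed sample web.config (not a real deployment).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="StoreWeak"
         connectionString="Server=DBHOST;Database=Store;User ID=sa;Password=PLACEHOLDER;" />
    <add name="StoreOk"
         connectionString="Server=DBHOST;Database=Store;Integrated Security=SSPI;Encrypt=True;" />
  </connectionStrings>
</configuration>
"""


def parse_conn_string(cs):
    """Split 'Key=Value;Key=Value' into a dict keyed by lower-cased keyword."""
    pairs = {}
    for part in cs.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        pairs[key.strip().lower()] = value.strip()
    return pairs


def check_conn_string(cs):
    """Return a list of checklist findings for one connection string (empty = OK)."""
    p = parse_conn_string(cs)
    findings = []

    # Integrated security may be spelled "Integrated Security" or "Trusted_Connection".
    integrated = p.get("integrated security", p.get("trusted_connection", "false")).lower()
    if integrated not in ("sspi", "true", "yes"):
        findings.append("uses a SQL Server (mixed-mode) login instead of integrated security")

    # The sa account must never be the application's identity.
    user = p.get("user id", p.get("uid", ""))
    if user.lower() == "sa":
        findings.append("connects as the built-in sa account")

    # A password in web.config is a clear-text credential on disk.
    if "password" in p or "pwd" in p:
        findings.append("embeds a clear-text password in web.config")

    # Author's addition beyond the checklist: require an encrypted channel to SQL Server.
    if p.get("encrypt", "false").lower() not in ("true", "yes"):
        findings.append("does not request an encrypted connection (Encrypt=True)")

    return findings


def audit_web_config(xml_text):
    """Map each named connection string in the web.config to its findings."""
    root = ET.fromstring(xml_text)
    report = {}
    for add in root.iter("add"):
        # <add> elements elsewhere (e.g. appSettings) lack a connectionString attribute.
        cs = add.get("connectionString")
        if cs is None:
            continue
        report[add.get("name")] = check_conn_string(cs)
    return report


if __name__ == "__main__":
    for name, findings in audit_web_config(SAMPLE_WEB_CONFIG).items():
        print(f"{name}: {'OK' if not findings else 'REVIEW'}")
        for finding in findings:
            print(f"  - {finding}")
```

Run it against your own web.config by reading the file into `audit_web_config`; a string that comes back with no findings uses integrated security, no sa account, no embedded password, and an encrypted connection. The script does not check the SQL Server side of the checklist (the permissions granted to the application's login), which still has to be reviewed in SQL Server itself.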

PCI compliance doesn’t have to be difficult, especially if you are dealing with a software company with a combined 25 years of credit card processing experience that is 100% focused on PCI security compliance and safeguarding your data.