Make sure that you are and remain compliant with the PCI DSS Requirements.
PCI DSS compliance is an on-going activity for your business; it’s not a one-off exercise.
The payment transaction process has to be assessed each year.
Train all your staff to be aware of the requirements.
Change your default passwords and settings when you install or implement any new piece of hardware or software, and then change all passwords once every three months.
NEVER use passwords that are in the list below:
- [name of product / vendor]
- 1234 or 4321
Make sure that you insist on the use of strong passwords across your environment – use passwords that are longer than 7 characters, combining uppercase and lowercase letters, symbols such as # or @ and numbers.
Look out for suspicious activity – check for any unauthorised access to your systems, failed log-in attempts or out-of-hours activity. Limit the number of log-in attempts so that the account is locked once the threshold has been reached. Remove user accounts that are no longer being used.
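As an added illustration (not part of the original guidance), the password rules and the log-in lockout threshold described above can be enforced in code. The vendor name in the blocklist and the lockout threshold of 6 are assumptions for this example; use the product or vendor names in your own environment and the attempt limit your PCI DSS version specifies.

```python
from dataclasses import dataclass, field

# Terms the guidance says must never appear in a password: the product or
# vendor name plus the trivial sequences. "exampleposvendor" is a constructed
# placeholder; replace it with the real names used in your environment.
BLOCKED_TERMS = ["exampleposvendor", "1234", "4321"]

SYMBOLS = set("!@#$%^&*()-_=+[]{};:,.<>?/\\|~`'\"")


def password_policy_violations(password: str) -> list:
    """Return the policy rules the candidate password breaks.
    An empty list means it satisfies the stated policy: longer than 7
    characters, upper and lower case, a number, a symbol, no blocked terms."""
    problems = []
    if len(password) <= 7:
        problems.append("must be longer than 7 characters")
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("needs a lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in SYMBOLS for c in password):
        problems.append("needs a symbol such as # or @")
    lowered = password.lower()
    for term in BLOCKED_TERMS:
        if term in lowered:
            problems.append(f"contains blocked term '{term}'")
    return problems


@dataclass
class LoginLockout:
    """Count failed log-in attempts per account; lock the account at the threshold.
    The default threshold of 6 is an assumption, not a value from the guidance."""
    threshold: int = 6
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def record_attempt(self, account: str, success: bool) -> bool:
        """Record one attempt; return True if the account is locked afterwards."""
        if account in self.locked:
            return True          # stays locked until an administrator resets it
        if success:
            self.failures.pop(account, None)   # a good log-in clears the counter
            return False
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.threshold:
            self.locked.add(account)
            return True
        return False
```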