PCI DSS Compliance
If your company accepts credit card payments, you have probably already heard from your credit card processor about the requirement to be PCI DSS certified by July 1. As long as you process fewer than 6 million transactions per year and have not had a data security breach, the certification consists of answering a questionnaire and arranging for a periodic security scan, rather than an on-site audit.
Sage Payment Services has arranged for Trustwave to provide the security scan and a wizard interface to walk you through the questionnaire part. The modest fee includes tech support, so if any of the questions leave you wondering “what the hell does that mean?”, make them earn their fees.
Here are some web sites with more info on the subject:
The PCI Security Standards Council – straight from the horse's mouth, but also trying to sell consulting services, so it is not particularly user-friendly.
Sage MAS 90 and MAS 200 PCI info
Sage Accpac PCI info
And last but not least, the PCI DSS Guru site, which includes a template for a company credit card security policy, one of the requirements of PCI DSS certification.