Introduction:
FBO One customers that have a Payment Gateway configured in their system must be PCI compliant.
PCI compliance refers to adherence to the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements designed to protect cardholder data. PCI DSS is maintained by the PCI Security Standards Council, founded by the major card brands (Visa, Mastercard, American Express, Discover and JCB), and compliance is required, through acquiring banks and payment gateway providers, of every organization that stores, processes or transmits payment card data, in order to reduce the risk of data breaches and fraud in the payment card industry.
PCI compliance involves a series of requirements and security best practices that organizations that handle payment card data must follow, including strong access control measures.
Password Requirements:
The PCI DSS password requirements (Requirement 8; the figures below are those of PCI DSS v3.2.1, which this article is written against) are:
1. Passwords must have a minimum length of at least seven characters.
2. Passwords must contain both numeric and alphabetic characters.
3. Users must change passwords at least every 90 days.
4. Password parameters must require that a new password cannot be the same as any of the four previously used passwords.
5. First-time passwords for new users, and reset passwords for existing users, must be set to a unique value for each user and changed after the first use.
6. User accounts must be temporarily locked out after not more than six invalid access attempts.
7. Once a user account is locked out, it must remain locked for a minimum of 30 minutes or until a system administrator resets the account.
8. System/session idle time-out features must be set to 15 minutes or less.
9. Passwords must be protected with strong cryptography during transmission and storage.
Note that PCI DSS v4.0, which has superseded v3.2.1, raises the minimum password length to 12 characters (8 where the system cannot support 12) and allows at most 10 invalid attempts before lockout. Treat the values above as the floor, not the ceiling: configuring a longer minimum length and a lower lockout threshold than listed here is compliant with both versions.
Making FBO One Compliant
FBO One's security settings, combined with the FBO's own written security policies, can be configured to meet the password requirements above. The numbered requirements map to the following settings.
Requirements 1 & 2 (minimum length, letters and digits)
Administration | Security | Password Validations
Requirements 3 & 4 (90-day expiry, last four passwords)
Administration | Application | Application Settings
Requirement 5 (unique first-time and reset passwords)
Administration | Security | Reset Password
When setting or resetting passwords, do not repeat "starter" passwords: each user must receive a different value, and a value must not be reused for a later reset.
A simple solution is to use the word Reset plus a random three-digit number. Examples:
Reset123
Reset548
Reset736
Bear in mind that this scheme yields only 1,000 possible values, so it is acceptable only because the starter password is valid for a single login and is changed immediately; a longer random string is preferable where the user can receive it reliably.
The administrator should give the user the new password directly (not in the same message as the username where avoidable), confirm that the user logs in, and confirm that the user immediately changes the password to one known only to the user.
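As an added illustration, not FBO One's own code and not a description of how FBO One validates passwords internally (that is configured under Password Validations and Application Settings), the following Python implements the checks behind requirements 1, 2 and 4 and generates a starter password for requirement 5 that draws a longer random value from the operating system's CSPRNG instead of "Reset" plus three digits. The function names, the PBKDF2 hashing of the password history and the sample passwords are assumptions made for the example.

```python
"""PCI DSS password rules and one-time starter passwords (added example).

Not FBO One code. Values are the PCI DSS v3.2.1 figures quoted above:
at least 7 characters, letters and digits, not one of the last 4 passwords.
"""
import hashlib
import os
import secrets
import string

MIN_LENGTH = 7
HISTORY_DEPTH = 4
PBKDF2_ROUNDS = 100_000  # assumed work factor for the example


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256. The password history is kept as (salt, hash)
    pairs, never as plaintext, so old passwords cannot be recovered from it."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate against a stored (salt, hash) pair."""
    _, candidate = hash_password(password, salt)
    return secrets.compare_digest(candidate, digest)


def check_policy(candidate: str, history: list) -> list:
    """Return the rules the candidate violates; an empty list means it is acceptable.
    `history` is the user's stored (salt, hash) pairs, oldest first."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numeric character")
    # Only the most recent HISTORY_DEPTH entries are compared (PCI: last four),
    # so a password five changes back is allowed again.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if matches(candidate, salt, digest):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
            break
    return problems


def starter_password(length: int = 12) -> str:
    """One-time starter value drawn from the CSPRNG, retried until it contains
    both a letter and a digit so it passes check_policy. 'Reset' plus three
    digits gives only 1,000 possible values; 12 random alphanumerics give
    about 62**12, so it cannot be guessed before the user's first login."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw):
            return pw


if __name__ == "__main__":
    # Constructed sample history for a user, oldest first.
    old = [hash_password(p) for p in ["Winter2022", "Spring2023", "Summer2023", "Autumn2023"]]
    print(check_policy("Spring2023", old))  # reuse within the last four -> rejected
    print(check_policy("Reset123", old))    # meets the minimum rules -> []
    print(starter_password())
```

The history comparison uses the stored hashes rather than plaintext; keeping old passwords in clear text to enforce requirement 4 would itself violate requirement 9.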
Requirements 6 & 7
Administration | Application | Application Settings
- Set MaxConsecutiveFailedLoginAttempts to 6
- Set MaxConsecutiveFailedLoginAttemptsTimespanHours to 1 or more
Before unlocking a user, go to the Reports tab and run the Security Audit report to review the failed login attempts and confirm that they came from the user's own IP address. Failed attempts from an address the user does not recognise indicate a password-guessing attack rather than a forgotten password, and the account should not be unlocked until that has been investigated. Then:
Administration | Security | Unlock User
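The lockout rule and the review step above, as an added example that is not FBO One code: the login records below are constructed for the example (the Security Audit report has its own layout), and the meaning assumed for the two settings is that MaxConsecutiveFailedLoginAttempts failures in a row lock the account and MaxConsecutiveFailedLoginAttemptsTimespanHours is how long the lock lasts unless an administrator unlocks first. The script counts consecutive failures per user, applies the lock, records the source addresses seen during the locking streak so an administrator can compare them with the user's usual address, and shows an administrator unlock.

```python
"""Lockout evaluation over login-attempt records (added example, not FBO One code)."""
from collections import defaultdict
from datetime import datetime, timedelta

MAX_CONSECUTIVE_FAILED = 6          # MaxConsecutiveFailedLoginAttempts = 6 (PCI: at most six)
LOCK_TIMESPAN = timedelta(hours=1)  # MaxConsecutiveFailedLoginAttemptsTimespanHours = 1 (PCI: at least 30 min)

# Constructed sample records: timestamp, user, source IP, credential result.
# jsmith's first two failures come from the usual office address; the rest
# come from an unfamiliar address, which is what the review should catch.
SAMPLE_LOG = """\
2024-05-02T08:59:10 jsmith 10.20.30.40 SUCCESS
2024-05-02T09:01:02 jsmith 10.20.30.40 FAIL
2024-05-02T09:01:15 jsmith 10.20.30.40 FAIL
2024-05-02T09:01:33 jsmith 203.0.113.9 FAIL
2024-05-02T09:01:40 jsmith 203.0.113.9 FAIL
2024-05-02T09:01:48 jsmith 203.0.113.9 FAIL
2024-05-02T09:01:55 jsmith 203.0.113.9 FAIL
2024-05-02T09:02:03 jsmith 203.0.113.9 FAIL
2024-05-02T09:05:00 mjones 10.20.30.41 FAIL
2024-05-02T09:05:30 mjones 10.20.30.41 SUCCESS
2024-05-02T10:30:00 jsmith 10.20.30.40 SUCCESS
"""


def parse_log(text: str) -> list:
    """Parse the constructed format into (timestamp, user, ip, result) tuples, oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        records.append((datetime.fromisoformat(ts), user, ip, result))
    return sorted(records)


def new_state() -> dict:
    return {"streak": 0, "streak_ips": [], "locked_until": None,
            "rejected_while_locked": 0, "lock_events": 0, "last_lock": None}


def evaluate(records: list) -> dict:
    """Replay the records and return the per-user lockout state."""
    states = defaultdict(new_state)
    for ts, user, ip, result in records:
        s = states[user]
        if s["locked_until"] is not None:
            if ts < s["locked_until"]:
                # Locked: the attempt is refused whatever the credential was.
                s["rejected_while_locked"] += 1
                continue
            # The lock has expired on its own; start counting afresh.
            s["locked_until"], s["streak"], s["streak_ips"] = None, 0, []
        if result == "SUCCESS":
            s["streak"], s["streak_ips"] = 0, []   # a success resets "consecutive"
            continue
        s["streak"] += 1
        if ip not in s["streak_ips"]:
            s["streak_ips"].append(ip)
        if s["streak"] >= MAX_CONSECUTIVE_FAILED:
            s["locked_until"] = ts + LOCK_TIMESPAN
            s["lock_events"] += 1
            # Keep the addresses of the locking streak for the administrator's review.
            s["last_lock"] = {"at": ts, "ips": list(s["streak_ips"])}
    return dict(states)


def admin_unlock(states: dict, user: str) -> None:
    """Administration | Security | Unlock User, after the audit review has been done."""
    s = states[user]
    s["locked_until"], s["streak"], s["streak_ips"] = None, 0, []


if __name__ == "__main__":
    for user, s in evaluate(parse_log(SAMPLE_LOG)).items():
        print(user, "locks:", s["lock_events"], "last lock:", s["last_lock"])
```

Running it shows jsmith locked at 09:01:55 by the sixth failure, the seventh attempt refused while locked, and the lock expired by the 10:30 login; the recorded streak addresses are 10.20.30.40 and 203.0.113.9, so the administrator reviewing the report would see that most of the failures did not come from the user's usual address.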
Please contact FBO One Support should you have any further questions or concerns about your system security.