Credit Card Security Compliance for Sage MAS 90 and 200

We recently wrote about the Payment Card Industry Data Security Standard (PCI-DSS) and the new requirements being enforced as of July 1, 2010.

Only the features in MAS 90 and 200 version 4.30.0.18 and 4.40.0.1 or greater are designed to address these requirements. Installations of less current releases will not be compliant with the new standards if credit card data is stored inside the system.

There are twelve requirements organized into six objectives.

  1. Build and Maintain a Secure Network: Install and maintain a firewall and use unique, high-security passwords, taking special care to replace default passwords.
  2. Protect Cardholder Data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.
  3. Maintain a Vulnerability Management Program: Use anti-virus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant (see www.visa.com/pabp).
  4. Implement Strong Access Control Measures: Access to cardholder data – both electronic and physical – should be on a “need-to-know” basis. Ensure those people with access have a unique ID and password. Do not share logon information.
  5. Regularly Monitor and Test Networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.
  6. Maintain an Information Security Policy: It’s critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it’s disseminated and updated regularly.

More information is available at Sage’s PCI-DSS Compliance page.
