PCI Compliance involves much more than the software your company uses. It also involves the practices and procedures of your company.
Below are a few ways that Fishbowl protects credit card information:
- The LDAP tab of the Company module options allows integration with an LDAP server. This increases password security by allowing users to log into Fishbowl with their domain password.
- The Fishbowl database does not store CVC security codes. The credit card information that Fishbowl does store is password protected and encrypted in the database.
- The Payment Viewer module options provide the ability to hide the credit card number from all users or to not store the credit card number at all.
- Fishbowl uses access rights to control which users can view payments. These access rights are set by opening the User Group module, loading the applicable user group, clicking the Rights tab, and then expanding the Payment Viewer node. The same rights also provide a way to mask the credit card number so that even users who are allowed to view payments see only the last 4 digits.
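The storage properties listed above (no CVC retained, the card number encrypted at rest, and a masked view that exposes only the last four digits) can be illustrated with a small Go example. This is an added illustration, not Fishbowl's own code; it assumes the at-rest key is supplied from a KMS or HSM and uses AES-256-GCM with the last four digits bound as associated data so that a tampered record fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// StoredCard is the at-rest record: no CVC field, PAN only as ciphertext, Last4 in the clear for masking.
type StoredCard struct {
	Last4         string
	Nonce         []byte
	PANCiphertext []byte
}
func (c StoredCard) Masked() string { return "************" + c.Last4 } // masked view; needs no decryption

type Vault struct{ aead cipher.AEAD } // holds the at-rest key; assumed to come from a KMS or HSM
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead: aead}, err
}

// Store drops the CVC and encrypts the PAN; Last4 is bound as AAD so altering it makes Reveal fail.
func (v *Vault) Store(pan, cvc string) (StoredCard, error) {
	_ = cvc // needed only for the live authorization request; never persisted
	d := strings.ReplaceAll(pan, " ", "")
	if len(d) < 12 || len(d) > 19 {
		return StoredCard{}, errors.New("PAN must be 12 to 19 digits")
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredCard{}, err
	}
	last4 := d[len(d)-4:]
	ct := v.aead.Seal(nil, nonce, []byte(d), []byte(last4))
	return StoredCard{Last4: last4, Nonce: nonce, PANCiphertext: ct}, nil
}

// Reveal decrypts for a user who holds the full-number right.
func (v *Vault) Reveal(c StoredCard) (string, error) {
	pt, err := v.aead.Open(nil, c.Nonce, c.PANCiphertext, []byte(c.Last4))
	return string(pt), err
}
```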
Below, for your reference, is the list of Level 4 compliance requirements. PCI compliance is not a federal law, so state and local laws may impose requirements in addition to the PCI compliance standards. In all cases Fishbowl must be used in the appropriate way to maintain compliance with such laws. Remember that Fishbowl is simply a business tool that must be used in harmony with the law and with correct processes.
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data by business need to know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
Data pulled from the PCI Compliance website.