PCI Compliance

PCI is the Payment Card Industry Data Security Standard, also known as PCI DSS. It is an exclusive information security standard administered by the Security Standards Council, and it contains a series of security requirements that all merchants, large or small, must comply with. The standard applies to any company that processes, stores or transmits credit card data. The merchant must therefore have a "PCI Certificate" that guarantees that all of the processes and tools it uses comply with the security regulations necessary to guarantee the integrity of the information. For this reason the uContact Omnichannel Contact Center software is "PCI Compliance": it complies with the most common requirements that the client's process requires for its certification.

Some basic compliance requirements that some processes require, and that are included in uContact, are:

  • Use a 128-bit SSL certificate. In short: protect data. Encrypt any public transmission of data.
  • ISO 27001 Security of handling and protection of information
  • ISO 27002 business continuity management process
  • Install and maintain a firewall configuration to protect data.
  • Do not use vendor defaults for system passwords and other security settings.
  • Encrypt the transmission of cardholder data over open, public networks.
  • Restrict access to data on a business need-to-know basis.
  • Assign a unique ID to each person with access to the system.
  • Perform regular access and security checks to network resources and data.
  • Maintain a security policy and make sure all staff is aware of it.

In addition, Google Cloud undergoes an annual third-party audit to certify that all of its products are PCI DSS compliant. This means that the services provide an infrastructure on which customers can build their own services or applications for storing, processing, or transmitting cardholder data.

It is important to note that customers remain responsible for ensuring that their applications are PCI DSS compliant.