Top Tips


  • Make sure that you are, and remain, compliant with the PCI DSS Requirements.
  • PCI DSS compliance is an on-going activity for your business; it is not a one-off exercise. The payment transaction process has to be assessed each year.
  • Train all your staff to be aware of the requirements (you have now completed this training, so well done).
  • Change default passwords and settings whenever you install or implement any new piece of hardware or software, and then change all passwords once every three months.

NEVER use passwords that are in the list below:

  • [none]
  • [name of product / vendor]
  • 1234 or 4321
  • access
  • admin
  • anonymous
  • database
  • guest
  • manager
  • pass
  • password
  • root
  • sa
  • secret
  • sysadmin

Make sure that you insist on the use of strong passwords across your environment – use passwords that are longer than 7 characters and combine uppercase and lowercase letters, numbers, and symbols such as # or @.

Look out for suspicious activity – check for any unauthorised access to your systems, failed login attempts, or out-of-hours activity. Limit the number of login attempts so that the account is locked once the threshold has been reached. Remove user accounts that are no longer being used.
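The password rule and the login-attempt limit above, written out as a checkable policy. This is an added example, not code from the original page: the banned-password set is taken from the list above, the lockout threshold (six) and the vendor-name parameter are assumptions for the example.

```python
import string
from collections import defaultdict

# Constructed from the list on this page: default / weak passwords rejected outright.
BANNED_PASSWORDS = {"", "1234", "4321", "access", "admin", "anonymous", "database",
                    "guest", "manager", "pass", "password", "root", "sa", "secret", "sysadmin"}
MIN_LENGTH = 8                      # the page asks for passwords longer than 7 characters
SYMBOLS = set(string.punctuation)   # covers the page's examples # and @

def check_password(password, vendor_names=()):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if lowered in BANNED_PASSWORDS:
        problems.append("on the banned default-password list")
    # "[name of product / vendor]": reject passwords built around a product or vendor name
    if any(name.lower() in lowered for name in vendor_names if name):
        problems.append("contains a product or vendor name")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    checks = [("no uppercase letter", str.isupper), ("no lowercase letter", str.islower),
              ("no digit", str.isdigit), ("no symbol (e.g. # or @)", SYMBOLS.__contains__)]
    for message, test in checks:
        if not any(test(c) for c in password):
            problems.append(message)
    return problems

class LoginAttemptTracker:
    """Counts failed logins per account and locks the account once a threshold is reached."""

    def __init__(self, threshold=6):   # threshold value is an assumption for this example
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()

    def record_failure(self, username):
        """Record a failed attempt; return True if the account is (now) locked."""
        if username not in self.locked:
            self.failures[username] += 1
            if self.failures[username] >= self.threshold:
                self.locked.add(username)
        return username in self.locked

    def record_success(self, username):
        """A successful login on an unlocked account resets its failure count; locked stays locked."""
        if username in self.locked:
            return False
        self.failures[username] = 0
        return True
```

Locked accounts stay locked until an administrator unlocks them; the tracker does not time out on its own.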

Useful PCI DSS Links