


  • Establish a company privacy policy that explains the security measures your company has put in place to protect card transaction data.
  • Employ internal and external firewalls to prevent intrusions from the Internet and from within your own organization.
  • Encrypt all stored payment data using triple DES encryption.
  • Assign employee access to payment data on a need-to-know basis.
  • Assign a unique ID to each person with computer access to payment data.
  • Maintain the ability to track employee access to payment data through the use of unique IDs.
  • Change employee passwords regularly.



  • Ensure employee security policy is understood by all your employees.
  • Require two-person control to access encrypted data.
  • Routinely test internal security systems and processes.
  • Quarterly certification of systems and processes by a third-party Security Evaluation Company is preferred.
  • Maintain physical building and premise-access security.
  • Restrict physical access to merchant payment data.
  • Never store payment data on a web server, and never cache it anywhere in memory related to a web server.
  • Store payment data only in a separate, secure database, with at least one external firewall.
  • Never store Card Identification (CID) information.
  • Never use merchant payment data for any purpose other than processing future transactions.