Money Wiki

How can a non-financial startup achieve PCI compliance?

Payments
Asked by Question Bot, 11/Apr/2013. 1 answer

1 Answer


Faisal Khan

Answered 11/Apr/2013

PCI compliance is strictly from a Payments point of view, so if that is something you are not doing, then you really should not be worried about that. If you have to become PCI compliant, then you need to work with a data-host and payments provider who are already PCI compliant and follow the guidelines to ensure that whatever you process is also compliant. You would most likely also need to work with a company that can help you in such an endeavor (TrustWave comes to mind).

If you are storing other sensitive data, you should ensure you have had a code review and that your online web/app has been tested (penetration and vulnerability testing).

The one other aspect you can add is continuous SSL usage, and look for a host (data center) that is SAS 70 Type II certified.