

contact us

01235 520444

Payment Card Policy

Information Security Awareness Program

All employees authorised to accept payment cards (debit and credit cards) securely process, store and dispose of payment card data (paper and electronic media) in order to adhere to the Payment Card Industry Data Security Standards (PCI DSS).

In order to protect cardholder data and ensure PCI DSS compliance at LeachPrint, the following procedures are followed:

  • Authorised employees comply with the PCI DSS.
  • All e-commerce transactions use PayPal’s secure online site. Manual transactions use PayPal’s secure virtual terminal.
  • Payment card data is not transmitted or stored in any other system, server, personal computer or e-mail account. Under no circumstance is credit card information obtained, or transmitted, by e-mail.
  • Physical (paper) cardholder data is locked in a safe with access limited to only authorised employees. These printed materials may include, but are not limited to, customer order forms and paper receipts.
  • All media used for credit cards is destroyed once the transaction is completed. All hardcopy (paper) is cross-cut shredded prior to disposal.

 

 

PCI DSS Compliance Guidelines

  • It is against LeachPrint Policy to store credit card numbers on any computer, server, database or spreadsheet.
  • Restrict access to card data by business need to know.
  • Paper documents containing cardholder data must be locked in a safe.
  • Restrict physical access to cardholder data.
  • Email is not an approved way to transmit credit card numbers.
  • Paper receipts must be destroyed so that account information is unreadable and cannot be reconstructed.
  • Any new systems/software that process payment cards are required to be approved by the Directors prior to being purchased.
  • Maintain a firewall and router configuration to protect cardholder data.
  • Use and regularly update anti-virus software.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Computer systems using “Virtual Terminal” must be connected to the proprietary sub-domain with no network access.
  • Report all suspected or known security breaches to Management.

 

Payment Card Industry Data Security Standards (PCI DSS) for Accepting Credit Cards

PCI compliance is required of all merchants and service providers that store, process, or transmit cardholder data. The requirements apply to all payment channels, including retail (in person), mail/telephone order, and e-commerce.

LeachPrint is required by the payment card associations to be compliant with the Payment Card Industry (PCI) Data Security Standards, and is committed to providing a secure environment for our customers to protect against both loss and fraud. LeachPrint must comply with Payment Card Industry (PCI) requirements for securely processing, storing, transmitting and disposing of cardholder data.

The PCI DSS is a result of collaboration among the major payment card companies to create common industry security requirements, aiming to protect against both cardholder data exposure and compromise. The following programs incorporate PCI DSS:

  • VISA: Cardholder Information Security Program (CISP)
  • MasterCard: Site Data Protection (SDP) Program
  • American Express: Data Security Requirements
  • Discover: Discover Information Security and Compliance (DISC) Program

The PCI DSS offers a single approach to safeguarding sensitive data for all payment card companies. Other card companies have also endorsed the PCI DSS within their respective programs.

The PCI DSS consists of twelve basic requirements:

PCI Security Standard

 

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored data
4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

For More Information – Please visit https://www.pcisecuritystandards.org/

Date of this Last Policy Update: 2nd February 2017
