13
5. protection of wireless transmissions.
The Spire Payments SPw60 utilises Wi-Fi wireless transmissions in accordance with PCI DSS and
industry best practices.
6. testing payment applications to address vulnerabilities
Spire Payments have a process to identify newly discovered security vulnerabilities and have timely
development and deployment of security patches and upgrades. You need take no further action
to ensure your PCI DSS compliant environment meets this specific requirement.
7. secure network implementation.
The payment application operates in the Spire Payments SP hardware environment and does not
need to log application activity.
8. ensuring cardholder data must never be stored on a server connected to the Internet.
If you are using the Spire Payments SP device on a Local Area Network for the payment transaction
interface and you are using a local server to store and forward the transaction data, you must take
steps to protect the transaction data in accordance with DSS requirements.
9. secure remote software updates.
Software updates will be carried out automatically by the Spire Payments terminal management
system. This system ensures only authenticated payment software is loaded onto your terminal.
10. secure remote access to payment application.
There is no remote access to the payment application.
11. encryption of sensitive traffic over public networks.
Transactions sent over network connections are always encrypted by the payment application using
Secure Socket Layer (SSL) technology.
You may engage your business with 3rd party agents who provide services that are part of your overall
payment process, e.g. shopping cart providers, web design firms (often referred to as Common Points
of Service or Service Providers). Agents acting as a Service Providers must be compliant with PCI DSS
and be registered with the card schemes. Refer to www.serviceprovidersurvey.com (correct at the
time of publication) for more information about Service Provider registration.
You must never communicate sensitive cardholder data by any means unless it is encrypted. Spire
Payments will never request such data from you. Sensitive cardholder data means:
Page 13.
Data Security Standard (PCI DSS) Advice
To Next Page
Loading...
