Users


PCI compliance is a large part of credit card processing, and user accounts are a key part of that compliance.

 

The PCI Standard requires that access to all systems in the payment processing environment be protected through the use of unique user accounts and complex passwords. Unique means that every account is associated with one individual user; generic or group accounts used by more than one user are not allowed. Every person who has access to Win-EZ Credit Card Interface must therefore have their own user account.

 

The PCI Standard also requires the use of "strong" passwords and a strategy for password complexity. This means that passwords must consist of at least 8 characters and must have at least one lower case letter, one upper case letter, one number, and one non-alphanumeric character. Passwords must also be changed every 90 days, and a new password cannot be the same as any of the last 4 passwords used.

 

PCI user account requirements beyond uniqueness and password complexity also include:

Automatic lockout of accounts that provide the wrong password 6 times.
Automatic lockout of accounts that are inactive for more than 90 days.
Automatic time-out of the application if it is idle for 15 minutes or more.
Logging of all access to the payment application including date and time, the user account accessing the application, and detailed information about the actions taken by that user.
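
The password and account rules listed above can be expressed as a small policy check. The following is an added example, not code from Win-EZ Credit Card Interface; the function names, the PBKDF2 storage of password history, and the reading of "changed every 90 days" as "expired at 90 days" are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import timedelta

MIN_LENGTH = 8
HISTORY_DEPTH = 4                       # cannot match the last 4 passwords
MAX_PASSWORD_AGE = timedelta(days=90)   # assumption: expired once 90 days old
MAX_FAILED_LOGINS = 6
MAX_INACTIVITY = timedelta(days=90)
IDLE_TIMEOUT = timedelta(minutes=15)

def hash_password(password, salt=None):
    """Return (salt, digest); the history stores these, never plain text."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def password_violations(password, history):
    """List the rules a candidate password breaks; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no non-alphanumeric character")
    # history is oldest-first; only the 4 most recent entries are compared.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches one of the last 4 passwords")
            break
    return problems

def account_state(failed_logins, last_login, password_set, last_activity, now):
    """Return the first condition that applies, lockouts checked first."""
    if failed_logins >= MAX_FAILED_LOGINS:
        return "locked: 6 wrong passwords"
    if now - last_login > MAX_INACTIVITY:
        return "locked: inactive for more than 90 days"
    if now - password_set >= MAX_PASSWORD_AGE:
        return "password change required"
    if now - last_activity >= IDLE_TIMEOUT:
        return "session timed out"
    return "ok"

if __name__ == "__main__":  # constructed sample values
    print(password_violations("Spring#2023", [hash_password("Spring#2023")]))
```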