The PCI Security Standards Council developed the Payment Card Industry Data Security Standard (PCI DSS) to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. The aim of this comprehensive standard is to help organizations proactively protect client account data.
The security requirements defined in the PCI DSS apply to all members, merchants, and service providers that store, process, or transmit cardholder data.
If you process credit and debit card transactions or store cardholder data in Millennium, you must implement strong access control measures to comply with the Payment Card Industry Data Security Standard (PCI DSS).
To enforce strong access control measures in Millennium, you must select the Enable Default Strong Security for PCI-DSS Compliancy option on the Business Information window. When you select this option, all users with access to the following features must change their login password to a strong password the next time they log in to Millennium.
Main Topic | Sub Topic | Specific
DATA | BUSINESS INFORMATION | CREDIT CARD/EFT ACCESS DISABLE SECURITY
DATA | CLIENTS | CREDIT CARDS - ADD NEW CC; CREDIT CARDS - EDIT/DELETE CC; CREDIT CARDS - SCREEN ACCESS; CREDIT CARDS - VIEW FULL CC NUM; EDIT CC/ACH WITHIN PAYMENT PLAN; MEMB. CC/ACH INFO-CC/ACH # VISIBLE; MEMBERSHIP CC/ACH INFO - VIEW/EDIT
MANAGEMENT | ACTIVITY LOG | CLEAR ACTIVITY LOG; VIEW THE ACTIVITY LOG
MANAGEMENT | SECURITY ADMINISTRATION | SCREEN ACCESS
MANAGEMENT | SECURITY GROUPS | ADD NEW SECURITY GROUP; DELETE SECURITY GROUP; EDIT ADMINISTRATORS SECURITY GROUP; EDIT SECURITY GROUP; SCREEN ACCESS; UNDELETE SECURITY GROUP
MANAGEMENT | USER LOGINS | ADD NEW LOGIN IDS; DELETE A USER LOGIN; EDIT ADMINISTRATOR USER LOGIN INFO; EDIT USER LOGIN INFORMATION; SCREEN ACCESS; UNDELETE USER LOGINS; VIEW VALID USERS IN ACCESS OVERRIDE
Tip: To view the users affected, select Management > Security Administration to display the Security Administration window. Using the table above as a guide, adjust the entries in the Main Topic, Sub Topic, and Specific fields to view the security groups that have access to each feature.
A strong password has the following characteristics:
- Contains at least eight characters.
- Contains at least three of the following:
  - Capital letter
  - Lower case letter
  - Number
  - Special character (e.g. !@#$%&*?)
The following restrictions affect users with a strong password:
- Users must change their password every 90 days, and a new password cannot be the same as any of the previous four passwords.
- Users cannot access Millennium for 30 minutes if they type their password incorrectly six times in a row.
  Important: Only members of the Administrators security group can unlock a user's login account.
- Users are logged out of Millennium automatically after 15 minutes of inactivity.
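The password rules above, modelled as an added Python example for checking or testing against the same policy. This is not Millennium's code: the function and class names are assumptions, as is the salted PBKDF2 record used to compare a new password with the previous four, since the page does not describe how passwords are stored.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8               # at least eight characters
MIN_CLASSES = 3              # at least three of the four character classes
HISTORY_DEPTH = 4            # new password must differ from the previous four
MAX_FAILURES = 6             # six consecutive wrong passwords lock the login
LOCKOUT_SECONDS = 30 * 60    # the login stays locked for 30 minutes

def is_strong(password):
    """Apply the length rule and the three-of-four character-class rule."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= MIN_LENGTH and sum(classes) >= MIN_CLASSES

def hash_password(password, salt=None):
    """Return (salt, digest); the storage scheme is an assumption."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def reuses_history(password, history):
    """True if password matches one of the last HISTORY_DEPTH stored records."""
    recent = history[-HISTORY_DEPTH:]
    return any(hmac.compare_digest(hash_password(password, s)[1], d) for s, d in recent)

class LoginGuard:
    """Counts consecutive failures for one login and enforces the lockout."""
    def __init__(self):
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, password_ok, now):
        if now < self.locked_until:
            return "locked"          # even a correct password is refused
        if password_ok:
            self.failures = 0        # a success resets the consecutive count
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```

`now` is passed in as seconds so the lockout window can be exercised without waiting; a caller would normally supply `time.time()`.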