PCI Compliance Information

HiBid is PCI compliant for all of the credit card information we handle. We maintain this compliance by conforming to the current Payment Card Industry Data Security Standard (PCI DSS) regulations.

These regulations state that we need to:

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes
  • Requirement 12: Maintain a policy that addresses information security

We offer optional credit card verification for use with our online bidding, with the credit card information retained for you. We maintain PCI compliance by following the encryption and security requirements above, and we present the credit card information, as it sits on our servers, to you only on the buyer’s specific invoice.

We cannot control PCI compliance on your individual computers or among your staff. To maintain local PCI compliance, we advise you not to write down any credit card information for local storage. If you do retain credit card information for any reason, you will also need to ensure that you conform to PCI compliance regulations.