2. Ecommerce Policy Account numbers (in databases, logs, files, backup media, etc.) must be stored securely, for example, by means of encryption (128-bit minimum) or truncation.
3. Ecommerce Policy The secure internal networks must use network address translation (NAT) to hide IP addresses. NAT server
5. Ecommerce Policy Each non-consumer user with ecommerce access is required to authenticate using a unique username and password
6. Ecommerce Policy Employees, administrators, or third parties who need to access the ecommerce network remotely must connect with the VPN
7. Ecommerce Policy Equipment and media containing cardholder data must be physically protected against unauthorized access. All cardholder data printed on paper or received by fax must be protected against unauthorized access.
8. Ecommerce Policy An intrusion detection system (IDS) must be used on the ecommerce networks. Security alerts from the IDS must be continuously monitored, and the latest IDS signatures must be installed.
