Secure Remote Access Requirements

• Change default settings in the remote access software (for example, change default passwords and use unique passwords for each customer).
• Allow connections only from specific (known) IP/MAC addresses.
• Use strong authentication and complex passwords for logins, according to PCI DSS Requirements 8.1, 8.3, and 8.5.8-8.5.15 (see Appendix A for details on PCI DSS Requirement 8).
• Enable encrypted data transmission according to PCI DSS Requirement 4.1.

  PCI DSS Requirement 4.1: Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks. Examples of open, public networks that are in scope of the PCI DSS are:

  • The Internet,
  • Wireless technologies,
  • Global System for Mobile communications (GSM), and
  • General Packet Radio Service (GPRS).
• Enable account lockout after a certain number of failed login attempts according to PCI DSS Requirement 8.5.13 (see Appendix A of this document for details on PCI DSS Requirement 8).
• Configure the system so a remote user must establish a Virtual Private Network ("VPN") connection via a firewall before access is allowed.
• Enable the logging function.
• Restrict access to customer passwords to authorized reseller/integrator personnel.
• Establish customer passwords according to PCI DSS Requirements 8.1, 8.2, 8.4, and 8.5 (see Appendix A for detailed PCI DSS Requirements).

Please send us your feedback on this help page.