0 ITEMS $0

Privacy

4/6/2006

We keep your personal information private and secure. When you make a purchase from our site, you provide your name, email address, credit card information, address, phone number, and a password. We use this information to process your orders, to keep you updated on your orders and to personalize your shopping experience.

Our secure servers protect your information using advanced encryption techniques and firewall technology.

To keep you informed about our latest offers, we may notify you of current promotions, specials and new additions to the Sample Store site. You may unsubscribe from our newsletters by following the unsubscribe instructions in any email you receive from us.

When entering any of our contests or prize drawings, you provide your name, email address and mailing address. If you win, we will send the prize to the address entered and notify you by email. When you enter a contest or drawing you are also included in our newsletter list to receive notice of promotions, specials and new additions to the Sample Store site. You may unsubscribe from this news list by following the unsubscribe instructions in any email received.

We use "cookies" to keep track of your current shopping session to personalize your experience and so that you may retrieve your shopping cart at any time.

Build and Maintain a Secure Network

First Requirement:

Install and maintain a firewall configuration to protect cardholder data - Firewalls are computer devices that control computer traffic allowed into and out of a company’s network, as well as traffic into more sensitive areas within a company’s internal network. A firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. All systems must be protected from unauthorized access from the Internet, whether entering the system as e-commerce, employees’ Internet-based access through desktop browsers, or employees’ email access. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.


Second Requirement:

Do not use vendor-supplied defaults for system passwords and other security parameters - Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These Passwords and settings are well known in hacker communities and easily determined via public information.


Protect Cardholder Data


Third Requirement: Protect stored cardholder data.

Encryption is a critical component of cardholder data protection. If an intruder circumvents other network security controls and gains access to encrypted data, without the proper cryptographic keys, the data is unreadable and unusable to that person. Other effective methods of protecting stored data should be considered as potential risk mitigation opportunities. For example, methods for minimizing risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full PAN is not needed and not sending PAN in unencrypted emails.


Fourth Requirement: Encrypt transmission of cardholder data across open, public networks.

Do not use vendor-supplied defaults for system passwords and other security parameters - Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These Passwords and settings are well known in hacker communities and easily determined via public information.


Maintain a Vulnerability Management Program


Fifth Requirement: Use and regularly update anti-virus software.

Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all systems commonly affected by viruses to protect systems from malicious software.


Sixth Requirement: Develop and maintain secure systems and application

Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor provided security patches. All systems must have the most recently released, appropriate software patches to protect against exploitation by employees, external hackers, and viruses.


Implement Strong Access Control Measures


Seventh Requirement: Restrict access to cardholder data by business need-to-know.

This requirement ensures critical data can only be accessed by authorized personnel.


Eigth Requirement: Assign a unique ID to each person with computer access.

Assigning a unique identification (ID) to each person with access ensures that actions taken on critical data and systems are performed by, and can be traced to, known and authorized users.


Ninth Requirement: Restrict physical access to cardholder data.

Any physical access to data or systems that house cardholder data provides the opportunity for individuals to access devices or data and to remove systems or hardcopies, and should be appropriately restricted.