What are the responsibilities of Squirrel Systems and the Merchant in relation to user accounts, password security, and PCI-DSS compliance?
Squirrel Systems is not responsible for the creation, management, or deletion of any user accounts or passwords. The Merchant is completely responsible for these actions. The Merchant is also required to create strong user accounts and passwords as part of being PCI-DSS compliant. These passwords need to be seven characters in length and need to consist of at least 3 of the following 4 character types: numbers, symbols, upper case letters, and lower case letters. Passwords are required to be changed by the Merchant at least once every 90 days. When a user is leaving an organization or changing to a role where they no longer require access to the payment processing application, the Merchant must delete their access immediately.
Related Questions
- Does Squirrel Systems offer support to customers who need assistance setting up user access controls with tools such as Squirrel Browser Security?
- Does Squirrel Systems provide its customers with information on security advisories and possible updates for its products?
- Was a valid user account, permission, or guest password compromised in a security attack?
