PDCflow Achieves PCI-DSS Level 1 Recertification
PDCflow recently announced the completion of our annual audit for our Level 1 PCI Compliance status, which is a cause for celebration in our Ogden, Utah office. What does it mean to be Level 1 PCI Compliant, and what is required of PDCflow as an organization to meet this high standard?
What is PCI Compliance?
Anyone who accepts credit card payments is obligated to adhere to the PCI-DSS to one degree or another. In the simplest terms, being PCI Compliant means ensuring that all card details, including credit card numbers and 3-digit CVV numbers, are handled in a secure environment.
Key aspects of PCI Compliance are:
- PCI-DSS, the Payment Card Industry Data Security Standard, was created in 2004 by the major payment card brands.
- It is a set of requirements that all businesses which process, store or transmit credit card information must follow so that this is done in a secure environment.
- It covers all payment cards including American Express, Discover, JCB, MasterCard and Visa.
What are the Main PCI Compliance Goals?
For simplicity's sake, the 6 main requirements, or key goals, of PCI Compliance are listed below. The full list is much more extensive and includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures.
- Establish and maintain a secure network and system so that payment transactions are processed in a robustly secure network. To achieve this, firewalls must be put in place to protect cardholder data, and these firewalls must be effective without causing inconvenience, such as slow processing times, to cardholders.
- Protect stored cardholder data by taking the steps needed to secure it against hacking, including securely encrypting data that is transmitted over public networks.
- Establish a vulnerability management program, which includes frequently updating anti-virus software, anti-spyware software, and other anti-malware solutions in order to protect against malicious hackers.
- Restrict and control access to system information and operations. Cardholder data should not be provided unless it is required to carry out a transaction, and each person who uses a computer in the system must be assigned a unique and confidential identification name or number. This includes protecting physical cardholder data as well as data submitted electronically.
- Constantly and consistently monitor and test to ensure that all security measures are in place and working effectively.
- Maintain a policy that addresses information security for all personnel.
Levels of PCI Compliance
There are different levels of certification:
- Level 1 Service Provider or Level 1 Merchant certification requires an on-site assessment by a Qualified Security Assessor.
- Level 2-4 Merchant certification can be attained by self-assessment via the Self-Assessment Questionnaire (SAQ).
A business can only self-certify by completing a Self-Assessment Questionnaire if it:
- Has never suffered a data breach,
- Uses the services of a third party that has attained Level 1 Certification, such as PDCflow, and
- Processes fewer than 6 million Visa transactions a year.
Why choose a Level 1 PCI Service Provider?
The PCI-DSS standard is recognized as the security benchmark for payments, and Level 1 Compliance is a clear indicator of a mature processor that can be safely used to process your payments.
PDCflow completed its recertification as a Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider following a detailed assessment to ensure credit card data is stored, processed and transmitted in a secure and protected manner. Annually, PDCflow works with PCI Compliance assessor Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world. The comprehensive assessment includes document collection and analysis, vulnerability scanning and penetration testing, as well as regularly recurring scans throughout the year.
For more information on PCI Compliance and what it means for your business, download the PCI Compliance Guide.