The Payment Card Industry Data Security Standard (PCI DSS) was created to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.
It applies to companies of any size that accept credit card payments - including merchants, processors, acquirers, issuers, and service providers - and provides a baseline of technical and operational requirements designed to protect account data. Any company that intends to accept card payments and to store, process and transmit cardholder data needs to host its data securely with a PCI-compliant hosting provider.
In order to comply with PCI DSS, we have employed the following processes and practices:
- Monitoring security controls – such as firewalls, intrusion-detection and intrusion-prevention systems, anti-virus, and access controls – to ensure they are operating effectively and as intended.
- Ensuring that all failures in security controls are detected and responded to in a timely manner.
- Reviewing changes to the environment (for example, the addition of new systems or changes in system or network configurations) and determining their potential impact on security controls.
- Performing periodic reviews and communications to confirm that PCI DSS requirements continue to be in place and that personnel are following secure procedures.
- Reviewing hardware and software technologies annually to verify that they are supported and meet requirements.