Being an integrated solutions partner of an accredited PCI DSS Level 1 provider is something that we regularly mention to highlight the reliability and robustness of the card payment solutions that we provide. But what does it mean for the businesses that we work with and their customers?
What are the PCI DSS levels?
PCI DSS is a set of technical and operational requirements, established by the major payment card brands, that helps organisations to maintain payment security, prevent card fraud and protect against data breaches. It applies to any organisation that stores, processes or transmits cardholder data regardless of the size or type of organisation – from small retailers through to large contact centres. The standard is made up of 12 components ranging from building a secure network to developing organisational data policy; the requirements for which vary depending on the number of transactions processed by the organisation each year. There are four levels of compliance, with Level 4 applying to merchants that process fewer than 20,000 transactions annually, up to Level 1 applying to those that process over six million.
For those businesses that fall within Levels 2 and 4, compliance is achieved through a process of self-assessment. For those that fall into the Level 1 category, more rigorous and in-depth assessments take place involving external audits and reporting.
As a service provider, it is this PCI DSS Level 1 assessment that is undertaken every 12 months along with added requirements including penetration testing and internal scans, to ensure that the solutions we provide via our integrated partner remain robust and inaccessible to data hackers scouring for weaknesses in IT networks.
What this means for your business
Our solutions have been through the highest degree of card security testing and scrutiny to achieve the Level 1 standard of compliance. Our clients are therefore reassured that their transaction environment is secure, which gives them confidence that they are protected against credit card fraud and breaches of cardholder data; a comfort that they can pass on to their customers.
In addition to this, many organisations view the process of becoming compliant with PCI DSS, even at the self-assessment levels, as complex and resource-intensive. Moving to our external card payment processing solutions takes away this headache by removing the transaction environment from your scope into ours, giving you the benefit of a higher level of compliance without the stress or expense.
Our suite of solutions – PCI Agent (for attended, over-the-phone transactions), Auto IVR, Online and PCI Webchat – are all adaptable to suit the needs of any business, whatever its type, shape and size. Being cloud-based, they are simple to install, without the need for equipment on-site, and are easy to use both in the office and when accessed remotely.