PCI DSS Level 1

07.29.2019 General

We are proud to announce that as of July 12th, 2019, Corpayss’s services are PCI DSS Level 1 Compliant with the latest version 3.2.1.

We will provide our Issuing, Acquiring, POS, Card Operation, Data Preparation, Back-Office, Billing Management, Clearing and Settlement, E-Commerce, Mail Order, Prepaid Services, Fraud and Chargeback, Loyalty Program, Payment Gateway/Switch and Merchant Services in compliance with the PCI Data Security Standards.

In this blog post, we will introduce PCI DSS and explain what this compliance will offer to our clients and partners.

PCI DSS: An Overview
PCI DSS is a set of technical and operational requirements governed by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data, with requirements for software developers and manufacturers of applications and devices used in those transactions.

PCI Security Standards include:

  • PCI Data Security Standard (PCI DSS)
  • PIN Transaction Security (PTS) Requirements
  • Payment Application Data Security Standard (PA-DSS)
  • PCI Point-to-Point Encryption Standard
  • PCI Card Production Logical Security Requirements and Physical Security Requirements
  • PCI Token Service Provider Security Requirements

PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. PCI DSS version 3.2.1 contains requirements under 12 categories.

Story of our Accomplishment
Receiving an Attestation of Compliance for PCI DSS is a long and complicated process. Therefore, the preparation stage started at the beginning of 2019.

Besides other requirements, we focused extensively on Requirement 5, which calls for protecting all systems against malware and regularly updating antivirus software or programs, and Requirement 10, which calls for tracking and monitoring all access to network resources and cardholder data. We took the necessary measures to deploy well-known tools for antivirus, File Integrity Monitoring (FIM) and Security Information and Event Management (SIEM).

The on-site audit, which took place between June 17-20, was completed successfully, and the Report on Compliance (ROC), the Attestation of Compliance (AOC) and the certificate stating PCI DSS compliance were prepared by the Qualified Security Assessor (QSA).

What Next on PCI DSS
PCI DSS certification has just brought us more difficult tasks to complete. It is simply the beginning of maintaining ongoing compliance. There will be actions that need to be taken on a weekly, monthly and quarterly basis.
