
Security

SoEasyPay offers the highest level of security for your customers’ data – we are level 1 PCI DSS compliant.

PCI - A set of global security standards to protect cardholder data

Data theft is a serious problem for the credit card industry.

The Payment Card Industry Security Standards Council (PCI SSC), comprising all the leading card organisations worldwide, has developed the PCI Data Security Standard (PCI DSS) – a comprehensive set of requirements, mirroring best security practices, to protect cardholder data.

All merchants who process, store or transmit cardholder data must comply with the PCI Data Security Standard.

The compliance levels demanded vary in strictness, e.g. self-assessment versus an on-site security audit with a Qualified Security Assessor. Merchants are classified into 4 risk levels, based on factors such as their number of transactions per year and their history of data hacking attacks.

But all merchants (levels 1 - 4) must satisfy three key elements for PCI compliance:

  • Annual Security Audit (on-site) or Annual Self-Assessment
  • Quarterly Network Scan – all your websites or IT infrastructures with internet-facing IP addresses must be scanned for vulnerabilities
  • Attestation of Compliance (merchant confirmation of compliance)

Compliance assessments must be carried out by accredited assessors: a Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV). ASVs can carry out network scans but if you require an on-site security audit you must use a QSA.

SoEasySecure PCI services

PCI compliance can be daunting. For this reason, through our sister company SoEasySecure, we can offer a full range of PCI services to help you every step of the way, including:

PCI Scanning 
An accredited assessor will scan your externally-facing IP addresses for vulnerabilities and provide the documents needed to validate your quarterly compliance.
 
Reporting
We can help you prepare and submit all the required documentation for PCI compliance, whether you need to submit an attestation of compliance for an on-site assessment or a Self Assessment Questionnaire (SAQ).

Scanning Tool
We also offer a tool that allows you to carry out your own on-demand vulnerability scans. You can also set up repeating schedules and configure your own scans. While this does not count towards PCI compliance, you get a trust mark on your website showing the IP addresses that feed into or out of your site are clean and virus-free. This is a great way of instilling customer confidence. We offer this tool free for a month – if you convert less than 5% of extra new business above the norm you can keep it for free.


 

We are integrated with so many payment methods