SoEasyPay offers the highest level of security for your customers’ data – we are level 1 PCI DSS compliant.
PCI - A set of global security standards to protect cardholder data
Data theft is a serious problem for the credit card industry.
The Payment Card Industry Security Standards Council (PCI SSC), comprising all the leading card organisations worldwide, has developed the PCI Data Security Standard (PCI DSS) – a comprehensive set of requirements, mirroring best security practices, to protect cardholder data.
All merchants who process, store or transmit cardholder data must comply with the PCI Data Security Standard.
The compliance levels demanded vary in strictness, e.g. self-assessment versus an on-site security audit with a Qualified Security Assessor. Merchants are classified into 4 risk levels, based on factors such as their number of transactions per year and their previous data hacking attacks.
But all merchants (levels 1 - 4) must satisfy three key elements for PCI compliance:
- Annual Security Audit (on-site) or Annual Self-Assessment
- Quarterly Network Scan – all your websites or IT infrastructures with internet-facing IP addresses must be scanned for vulnerabilities
- Attestation of Compliance (merchant confirmation of compliance)
Compliance assessments must be carried out by accredited assessors: a Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV). ASVs can carry out network scans, but if you require an on-site security audit you must use a QSA.
SoEasySecure PCI services
PCI compliance can be daunting. For this reason, through our sister company SoEasySecure, we can offer a full range of PCI services to help you every step of the way, including:
An accredited assessor will scan your externally-facing IP addresses for vulnerabilities and provide the documents needed to validate your quarterly compliance.
We can help you prepare and submit all the required documentation for PCI compliance, whether you need to submit an attestation of compliance for an on-site assessment or a Self Assessment Questionnaire (SAQ).
We also offer a tool that allows you to carry out your own on-demand vulnerability scans. You can also set up repeating schedules and configure your own scans. While this does not count towards PCI compliance, you get a trust mark on your website showing the IP addresses that feed into or out of your site are clean and virus-free. This is a great way of instilling customer confidence. We offer this tool free for a month – if you convert less than 5% of extra new business above the norm you can keep it for free.