
Afferent Software achieves PCI-DSS Level 1 Compliance

Recently, Afferent Software achieved Level 1 Compliance with the Payment Card Industry Data Security Standard (PCI-DSS). As a company, we’re thrilled to be able to announce this achievement and are very proud of everyone on the team who was involved in attaining this accreditation.

So What Actually is PCI-DSS? (And why do we need it?)

Participants in the payments industry deal with sensitive, personally identifiable cardholder payment data on a daily basis. Knowledge of consumers’ personal payment data is essential to processing customer financial transactions, whether during so-called “card not present” transactions (i.e. on web pages and online stores), or through more traditional avenues such as Point of Sale (POS) and ATM devices. In either scenario, the collection, handling and – if required – storing of customer data must be strictly controlled in order to prevent its misuse and exploitation (i.e. fraud) by unscrupulous third parties.

In order to formalize minimum best practices, as well as accredit genuine operators, the Payment Card Industry Data Security Standard has been put together and is maintained by all the major players in the payment industry, through the Payment Card Industry Security Standards Council (PCI SSC).

History

In the early days, most of the major card schemes – in an effort to protect their own cardholders’ data – developed their own regulations and policies to ensure that merchants dealing with their customers’ financial information met appropriate minimum best practices. Some of the main players in the industry who developed their own policies included Mastercard, Visa, American Express, Discover and the Japan Credit Bureau (JCB). Since each set of policies – although broadly similar – still differed from the others in a number of ways, these participants got together to standardize a single set of security standards which would enhance the interoperability of each of the schemes, culminating in the release of version 1 of the PCI-DSS regulations in 2004.

Following the success of this initial collaboration, the major market players got together again in 2006 to form the aforementioned Payment Card Industry Security Standards Council and, soon after, to oversee the continued development of the PCI-DSS regulations.

So who does it apply to? 

Any merchant or business that handles, stores or processes sensitive cardholder information needs to be PCI-DSS compliant. While in some jurisdictions accreditation to an appropriate PCI-DSS level is legally mandated, ensuring that payment processors and providers are compliant can add a significant degree of confidence in any given payment provider’s security protocols.

What are the levels you can get?

There are 4 basic levels of PCI accreditation, each roughly segmented by the number of transactions processed per year:

  • Level 1 – Over 6 million transactions per year
  • Level 2 – Between 1 and 6 million transactions per year
  • Level 3 – Between 20,000 and 1 million transactions per year
  • Level 4 – Fewer than 20,000 transactions per year

What does it mean for our customers? 

This is great news for our customers! Achieving PCI-DSS Level 1 compliance shows that – as a company – Afferent and our team have the skills, processes and training required to meet the highest level of cardholder data security (Level 1) as well as produce trusted and secure code and applications that will ensure the highest levels of cardholder data protection against transaction fraud.

Achieving our PCI-DSS Level 1 accreditation was a great milestone for Afferent and a great credit to the talented and hard-working staff that make up our compliance team. We’re glad we can pass on all the benefits of PCI-DSS compliance to all our valued customers.

To learn more about our team, expertise, or products and services, please check out our Products and Services pages or contact us at info@afferentsoftware.com to chat about how we can help in your next payments project.