PCI Data Security Standards Level 1

In general, what is PCI-DSS certification?

The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard defined by the Payment Card Industry Security Standards Council. PCI certification is required for Payment Service Providers like Citopay Online Merchant Services and merchants that process credit card payments.

The certification is designed to prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.

Service provider levels are defined as:

Level 1: Any service provider that stores, processes and/or transmits over 300,000 transactions annually, like Citopay Online Merchant Services.

Level 2: Any service provider that stores, processes and/or transmits less than 300,000 transactions annually.

Citopay Online Merchant Services is Level 1 certified!

PCI-DSS is a standard that specifies best practices and various security controls. Certification in the standard requires organizations to:

Build and maintain a secure network

Protect cardholder data

Maintain a vulnerability management program

Implement strong security measures

Regularly test and monitor networks

Maintain an information security policy

All organizations processing credit card information, regardless of their deployment model, are required to be certified. For larger merchants (Merchant Level 1 is the largest type), validation of by independent and approved reviewer is required. A PCI Qualified Security Assessor (QSA) is authorized to perform an independent assessment and certify a vendor.

What is a PCI Validated Service Provider?
Service providers are organizations that process, store, or transmit cardholder data on behalf of clients, merchants, or other service providers. They may include shared hosting environments in which cardholder data may be stored. Certified credit card merchants must use service providers that are compliant with the PCI Data Security Standard (DSS).

A validated service provider is one that has undergone an audit by an independent QSA and is found to be in conformity with the PCI security standards outlined in the latest version of the Data Security Standard published by PCI. Citopay Online Merchant Services is a PCI service provider for scenarios in which a merchant processes, stores, and/or transmits credit card data on the Citopay gateway infrastructure.