What Is PCI Compliance?
In security terms, it means that a business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
In operational terms, it means that a company is playing its role to make sure customers’ payment card data is being kept safe throughout every transaction, and that the customer and the business can have confidence that they’re protected against the pain and cost of data breaches.
OSA Is A PCI Compliant Service Provider
OSA is compliant with the Service Provider requirements of the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.
Our measures to remain compliant in accordance with the Service Provider standards of the PCI DSS:
- Regular scanning of our public IP addresses that process credit card transactions by an Approved Scanning Vendor (ASV).
- Development and maintenance of security policies compliant with the PCI DSS.
- Regular penetration and common exploit testing, such as cross-site scripting and man-in-the-middle attacks.
- Completion and review of the PCI DSS Self-Assessment Questionnaire (SAQ) Type D for Service Providers.
OSA’s scanning and validation are performed by Control Scan, a Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV) registered with the PCI Security Standards Council.
A PDF copy of our compliance certificate issued by Control Scan can be provided to clients upon request. Send us an email and we’ll be happy to provide it to you.
What Does All This Mean For Me?
Merchant accounts, credit card gateways, and payment processors all require PCI compliance from their merchants. You will also have the peace of mind of knowing that OSA is continuously taking steps to secure your customers’ payment data.