PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards in the banking industry whose main objective is to prevent the leakage of sensitive cardholder data during the processing of card transactions.

It’s not just a necessary formality

The Payment Card Industry Data Security Standard is a set of procedural and technical standards designed by the leaders in the card transaction market: Visa, MasterCard and American Express. The aim of the methodology is to increase the security of payment cards and to eliminate transaction fraud and the misuse of payment data. The PCI DSS methodology is based on the ISO 27000 series of standards, so we are prepared for ad hoc certification not only technically but also procedurally.

We are currently working together with the German branch of TÜV SÜD to certify that our internal processes and technical measures comply with PCI DSS. So far, we hold a preliminary declaration of compliance with the standard, and we meet its requirements both procedurally and technically.

PCI DSS objectives, PCI DSS requirements and our compliance

1. Creating and maintaining secure networking
   PCI DSS requirement: Install and maintain firewall technologies to protect the data of payment card users, and refrain from the use of so-called “vendor supplied” passwords and preset security rules.
   Our compliance: We comply with the documentation ISO/IEC 27001:2014, ISO/IEC 27017:2017 and ISO/IEC 27018:2017.

2. Protect cardholder data
   PCI DSS requirement: Protect stored cardholder data and encrypt cardholder data transmissions over public networks.
   Our compliance: Based on ISO/IEC 27017 and ISO/IEC 27018:2017 documentation.

3. Maintaining vulnerability management
   PCI DSS requirement: Use and regularly update anti-virus solutions; develop and maintain secure internal systems and applications.
   Our compliance: We comply with ISO/IEC 27001:2014 documentation.

4. Regular monitoring and penetration tests
   PCI DSS requirement: Monitor privileged users and processes with access to cardholder data; perform regular penetration and other security tests.
   Our compliance: We comply with the documentation ISO/IEC 27001:2014, ISO/IEC 27017:2017.

5. Security policy
   PCI DSS requirement: Regularly update the internal security policy and properly train all employees and external contractors.
   Our compliance: We comply based on the ISO/IEC 27001:2014 documentation.