
Many organizations have questions about PCI Compliance and the new and ever-changing standards set by the credit card industry. Securing patrons' credit card data is extremely important to Vendini, so we have implemented all required and recommended security provisions set forth by the PCI Security Standards Council.
Q. What is PCI Compliance?
A. The Payment Card Industry Data Security Standard (PCI-DSS) was created by major credit card companies to safeguard customer information. Visa, MasterCard, American Express, and other credit card associations mandate that merchants and service providers meet certain minimum standards of security when they store, process, or transmit cardholder data.
Q. Is Vendini PCI-DSS compliant?
A. Yes, Vendini is fully PCI-DSS compliant. Click here to view a PDF version of Vendini's Compliance Certificate from Scan Alert.
Scan Alert by McAfee provides the world's leading PCI-DSS Security Certification Service. McAfee PCI-DSS Compliance serves over 250,000 merchants worldwide and meets the requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS, DiscoverCard and JCB.
Q. I don't see Vendini on Visa's approved vendor list for PCI-DSS compliance. Why?
A. Visa publishes only those vendors who are Level 1 PCI-DSS compliant. Vendini is Level 2 PCI-DSS compliant. Vendini is not required to be Level 1 compliant based on our current annual volume of credit card transactions on Visa.
From Visa's Website:
*Effective February 1, 2009, Level 2 service providers will no longer be listed on Visa's List of PCI DSS Compliant Service Providers. Entities that wish to be on the Global List of PCI DSS Validated Service Providers must validate as a Level 1 provider.
Q. Is Vendini required to be PA-DSS compliant in addition to PCI compliant?
A. No, PA-DSS (also known as Visa's TPP) applies only to third-party payment applications that store, process, or transmit cardholder data as part of authorization and settlement and are sold, licensed, or distributed to a merchant NOT as part of a service. PA-DSS does NOT apply to payment applications offered by application or service providers only as a service, such as Vendini.
Read an official letter from a Qualified Security Assessor (QSA) from igxGLOBAL verifying that Vendini is not required to be PA-DSS compliant.
IMPORTANT: Be careful of vendors who do not provide their point-of-sale software as a service (via a web browser over the internet). These vendors must be PA-DSS compliant and be listed on the PCI Security Standards Council's website for validated third-party payment applications. If the vendor is not listed, and you're running that vendor's software, your organization is likely at risk.
Q. Can I get more information on Vendini's architecture and how it will interface with my organization?
A. Yes, click here to learn more.