The Payment Card Industry Data Security Standard (PCI/DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations and merchants of all sizes must follow PCI/DSS standards if they accept payment cards from the five major credit card brands: Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB).
Compliance with PCI/DSS is required for any organization that stores, processes, or transmits payment and cardholder data. With the PCI/DSS certification, DigiPlex customers can confidently store credit card transaction data on servers in any DigiPlex data center. Combined with DigiPlex Nordic Connect, any business wanting or needing to offer credit card payment facilities can take advantage of a fast, cost-effective pan-Nordic data center solution. This provides customers the flexibility to locate services close to end customers and to support multi-site redundancy capabilities.
Commenting on the certifications, Fredrik Jansson, CCO at DigiPlex, said: “PCI/DSS certifications have been in place at many of our sites for several years. Extending this level of assurance to include all our Nordic sites increases flexibility and alternatives for our customers. At DigiPlex, compliance does not end with a certificate on the wall. Our customers also regularly receive detailed compliance reports to support their own efforts to increase their customer confidence and satisfaction levels, aiding them to grow their business even further.”
Achieving PCI/DSS compliance requires a demonstrated ability to:
• Tightly control access where only authenticated individuals can access servers
• Clearly distinguish between legitimate parties and other visitors to prevent unauthorised access to areas where credit card data is hosted
• Provide continuous monitoring of areas where cardholder details are stored
• Ensure physical protection and prevent any removable media with cardholder data (such as USB drives) from being accessed or used
Self-certification of the above requirements is permitted. However, to ensure an entirely independent audit of its capabilities, DigiPlex opted to have a Qualified Security Assessor (QSA) undertake this. We used a third-party auditor, IT Governance Ltd. PCI/DSS certification adds to DigiPlex’s already comprehensive assurance credentials, from numerous ISO standards covering information security, environmental management, quality and occupational health, to both SOC1 (for US regulators) and ISAE (for Europe) financial reporting.