PCI - Online Security

Is your eCommerce supplier PCI DSS Level 1 Compliant?

With online fraud at an all time high and consumer awareness of lost and stolen credit card data increasing, it is imperative that security and fraud are an integral part of your eCommerce strategy. Criminals have gone high tech and have discovered that there is a significant amount of money to be had with very little risk. Fraud is not to be taken lightly.

Advansys has achieved the highest level, Tier 1 Compliance Certification with the Payment Card Industry Data Security Standard (PCI DSS), which demonstrates that all of our business processes and infrastructure meet the highest level of security throughout the life-cycle of a credit card transaction.

The Highest Level of Security: PCI DSS Level 1

There are four levels of PCI compliance as mandated by the Payment Card Industry Security Standards Council (PCI SSC), which is made up of MasterCard Worldwide, Visa, American Express, Discover Financial Services and JCB International. Advansys holds the highest, Tier 1 Compliance Certification.

Companies that meet Level 1 compliance must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor.

Any company at Levels 2, 3 or 4 completes an annual Self-Assessment Questionnaire.

Can you trust 'self-assessment' when your company information, reputation and client confidentiality are at risk? Potentially, but are you prepared to run that risk?

What Is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) is a set of technical and operational requirements set up to protect cardholder data. Any company that stores, processes or transmits cardholder data must be PCI DSS compliant.

PCI DSS: 12 Security Requirements

The PCI Data Security Standard consists of 12 requirements that mirror security best practice. Complying with these reduces vulnerabilities and helps thwart theft of cardholder data.

  • Build and maintain a secure network
    • Firewall configuration to protect cardholder data
    • Passwords and security parameters
  • Protect cardholder data
    • Protect stored cardholder data
    • Encryption of cardholder data
  • Maintain a vulnerability management program
    • Latest anti-virus software
    • Develop and maintain secure systems
  • Implement strong access control measures
    • Restrict access to cardholder data
    • Unique IDs for computer access
    • Restrict physical access to cardholder data
  • Regularly monitor and test networks
    • Track and monitor all access to networks
    • Regularly test systems (penetration testing)
  • Maintain an information security policy
    • Maintain a policy that addresses information security

For more information: https://www.pcisecuritystandards.org/

Data Security: Fraud Screening

Here at Advansys we take data security seriously. Aside from being PCI DSS Level 1 compliant, the Advansys Ecommerce Management System includes advanced security features to protect your business from hacking, fraud and other security risks.

Preventing online fraud is a challenge and there is no 100% foolproof way to avoid it. The checks below, however, should be used to gauge the likelihood of a transaction being fraudulent.

3D Secure Test

By implementing 3D Secure you can be confident that the shopper making the purchase is the true cardholder. It is estimated that 80% of all chargebacks/disputes fall into the "friendly fraudster" category, so by checking for 3D Secure, even if the cardholder is not enrolled, the liability is shifted back to the card issuer rather than the merchant.

BIN/IIN Check

The BIN (Bank Identification Number), or IIN (Issuer Identification Number) as it is now called, is the first 6 digits of the PAN (Primary Account Number), the long card number. One way to check whether the shopper actually possesses the card they used on the website is to call and ask them to confirm which bank issued the card to them. Whilst in isolation this does not guarantee they have the physical card in their possession, it is a positive indicator and allows you to check the card against a BIN database.

Maximum Value Check

This check compares the total value of an order against what is usual for your store; an unusually high value can be an indicator of fraud. Large order values carry increased risk, and consumers usually wouldn't place a large order for their first purchase. Such orders can instead be dealt with using BACS, and goods should only ever be shipped once payment has cleared, to a traceable/contactable address.

Know Your Customer (KYC) Checks

These checks involve being able to identify and trace the shopper, if needed.

Email Address – Any free email account such as live.com, yahoo.com, gmail.com etc. should be treated with extreme caution, as such accounts can be freely and easily created and are the common choice of fraudsters. An email address at a valid domain is better as it is more traceable.

Telephone – We should always be able to capture a landline phone number; in doing so the person is traceable via BT or their telecoms provider. Whilst some users do not have landlines and instead rely on their mobiles, this carries increased risk and these orders should be treated as suspicious.
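As an added illustration, not code from Advansys or the Advansys Ecommerce Management System, the following Python scores an order against the checks described above (3D Secure, BIN/IIN lookup against the bank the shopper names, maximum value, free email domain and landline number). The BIN table, the free-mail domain list and the 500.00 threshold are constructed assumptions for the example.

```python
from dataclasses import dataclass

# Constructed sample BIN/IIN table (first 6 digits of the PAN -> issuing bank).
# The entries are made up for illustration; a real deployment would query a
# maintained BIN database.
BIN_TABLE = {"412345": "Example Bank plc", "512345": "Sample Building Society"}

# Free webmail domains the page singles out as hard to trace.
FREE_EMAIL_DOMAINS = {"live.com", "yahoo.com", "gmail.com"}

MAX_ORDER_VALUE = 500.00  # assumed store-specific threshold for the maximum value check


@dataclass
class Order:
    pan: str                        # card number as typed; only the IIN is used here
    amount: float                   # order total in the store currency
    email: str
    phone: str                      # UK number as typed by the shopper
    three_d_secure_checked: bool    # was a 3D Secure check attempted at payment?
    issuer_stated_by_shopper: str   # bank name the shopper gave when asked
    first_order: bool


def screen_order(order: Order) -> tuple[int, list[str]]:
    """Return a risk score and the reasons behind it (higher = more suspicious)."""
    score, reasons = 0, []
    if not order.three_d_secure_checked:
        score += 3
        reasons.append("3D Secure not attempted: merchant keeps chargeback liability")
    iin = order.pan.replace(" ", "")[:6]
    issuer = BIN_TABLE.get(iin)
    if issuer is None:
        score += 2
        reasons.append(f"IIN {iin} not found in BIN database")
    elif issuer.lower() != order.issuer_stated_by_shopper.strip().lower():
        score += 3
        reasons.append("shopper named a different issuing bank than the BIN lookup")
    if order.amount > MAX_ORDER_VALUE:
        score += 3 if order.first_order else 2  # first-time large orders weigh more
        reasons.append(f"order value {order.amount:.2f} exceeds maximum value check")
    domain = order.email.rsplit("@", 1)[-1].lower()
    if domain in FREE_EMAIL_DOMAINS:
        score += 1
        reasons.append(f"free email domain {domain} is hard to trace")
    digits = "".join(ch for ch in order.phone if ch.isdigit())
    if not digits.startswith(("01", "02")):  # assumed: UK geographic (landline) numbers start 01/02
        score += 1
        reasons.append("no landline number supplied")
    return score, reasons
```

The score is a ranking aid for manual review; the page's own advice (BACS payment, shipping only to a traceable address) still applies to anything that scores high.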

“Just a note to say that the site looks great and thanks to all in your business for the hard work done. I am sure we will continue trading for a long time!!!”

– R Evans, Barloworld

Where to Find Us

Head Office

3-4 Millars Brook, Molly Millars Lane, Wokingham, Berkshire, RG41 2AD, United Kingdom

Northern Office

21 Great George Street, Wigan, Lancashire, WN3 4DL, United Kingdom

London Office

71-75 Shelton Street, Covent Garden, London, WC2 9JQ, United Kingdom