Advansys are one of the very few eCommerce vendors to have achieved PCI DSS Level 1 accreditation and are approved by VISA Europe as a fully PCI-managed service hosting provider. This means that Advansys are compliant with all 12 stringent PCI requirements stipulated by the PCI Security Standards Council. If you suffer a compromise and your ecommerce vendor is PCI DSS Level 1 compliant, like Advansys, this takes you out of scope for being fined by the card payment industry. Take PCI seriously: it could save you thousands.
PCI can be very confusing for the customer, as so many vendors 'claim' to be PCI compliant, but when you dig deeper they are not compliant with all 12 PCI requirements. Some ecommerce vendors may state that they are PA-DSS compliant (payment application-qualified security standard), which means they have validated that their payment application complies with PCI DSS, but only for the payment application part of the 12 requirements. It therefore remains the customer's responsibility and due diligence to make sure that the hosting company is PCI compliant and that all of the vulnerability checks are carried out, for example AV (anti-virus scanning), logging, audit trails, file integrity monitoring and much more. In addition, if the software itself is not installed according to the strict PCI guidelines and not continually developed against the PCI secure coding standards, then it too will not be PA-DSS compliant.
If you are a merchant who does not take, transmit or hold credit card details, then as a merchant you do not need to be PCI compliant. That means you also don't need to fill out the self-assessment questionnaire. However, it is the merchant's responsibility and due diligence to make sure that the ecommerce vendor, software, payment gateway provider and hosting provider are PCI compliant at Level 1. If they are not and there is a compromise on the ecommerce website, then it will be the merchant who is liable for a fine of a minimum of £10,000. Advansys can take away this worry and concern, as we are a fully PCI DSS Level 1 managed service provider, which means we take care of all of the 12 requirements.
If you are a merchant that does take or hold credit card details (in other words, you take telephone orders), then you do fall in scope of having to be PCI compliant for two of the requirements. To be compliant with these two requirements you need to fill out the PCI self-assessment questionnaire. To comply with the other 10 requirements, it is the merchant's responsibility and due diligence to make sure that the ecommerce vendor, software, payment gateway provider and hosting provider are PCI compliant at Level 1. Advansys can take away this worry and concern, as we are a fully PCI DSS Level 1 managed service provider, which means we take care of all of those 10 requirements and assist in filling out the self-assessment questionnaire.
For more information about PCI compliance, please contact us.
- Paul Gurnell - GlaxoSmithKline -