PCI Managed Services

If your ecommerce site has a compromise you will be fined £10,000 or more.

Advansys are one of the very few eCommerce vendors who have achieved PCI DSS Level 1 accreditation and are approvied by VISA Europe as a fully PCI managed service hosting provider. What this means is that Advansys are compliant against the 12 stringent PCI Requirements stipulated by the PCI Security Standards Council. If you have a compromise and your ecommerce vendor is PCI DSS Level 1 Compliant like Advansys this will take you out of scope of being fined by the card payment industry. Take PCI seriously as it could save you 1000s

Who is PCI compliant level 1?

PCI can be very confusing for the customer as so many vendors 'claim' they are PCI compliant, but when you dig deeper they are not compliant for the whole 12 PCI requirements. Some ecommerce vendors may state that they are PA –DSS compliant (payment application-qualified security standard) which means that they have validated that their payment application complies with PCI DSS, but only the payment application part of the 12 requirements. This means that it is still the customers responsibility and due diligence to make sure that the hosting company is PCI compliant and all of the vulnerability checks are carried out, for example AV (anti virus scanning), logging, audit trials and file integrity monitoring and much more. In addition if the software itself is not installed against the PCI strict guidelines and to be continued to be developed against the PCI security coding standards then this too will not be PA – DSS.

Being PCI compliant can save you thousands of pounds

If you are a merchant who does not take, transmit or hold credit card details then as a merchant you do not need to be PCI compliant. That means you also don't need to fill out the self assessment questionnaire. However, it is the merchants responsibility and due diligence to make sure the ecommerce vendor, software, payment gateway provider, and hosting provider is PCI compliant level 1. If they are not and there is a compromise on the ecommerce website then it will be the merchant who will be liable for a fine of a minimum amount of £10,000. Advansys can take away this worry and concern as we are a fully PCI DSS Level managed service provider which means we take care of all of the 12 requirements.

When choosing an eCommerce vendor PCI should be at the top of your list.

If you are a merchant that does take or hold credit card details (in other words take telephone orders) then you do fall in scope of having to be PCI compliant for two of the requirements. To be compliant against these two requirements you need to fill out the PCI self assessment questionnaire. In order to comply to the other 10 requirements it is the merchants responsibility and due diligence to make sure ecommerce vendor, software, payment gateway provider, and hosting provider is PCI compliant level 1. Advansys can take away this worry and concern as we are a fully PCI DSS Level 1 managed service provider which means we take care of all of the 10 requirements and assist in filling out the self assessment questionnaire.

Benefits of being pci compliant with advansys

• Prevent any fines (over £10,000) if there is a compromise
• Hosting includes quarterly scanning by an approved ASV as stipulated by the PCI SSC - reports to be supplied
• Any issues relating to coding or configuration flagged by ASV scanning shall be automatically rectified
• Annual "Pen Testing" (pentration testing/ethical hacking) by an external party to test security of the infrastructure
• File Integrity Monitoring (FIM) on the solution for validation of any changes to source code
• Hosting shall provide a PCI DSS Level 1 hosting platform to the solution specifically meeting all of the 12 PCI requirements
• Reduces the risk of fraud and prevent a compromise
• Banks may give you better rates as a Merchant for being PCI compliant.
• Peace of mind for the internet shopper (Advansys will put a PCI compliant logo on the customers website).
• Advansys are experts in coding standards and therefore can quickly fix any vulnerabilities that may occur on the customers website.

For more information about PCI compliancy, please contact us