Is your eCommerce supplier PCI DSS Level 1 Compliant?

With online fraud at an all time high and consumer awareness of lost and stolen credit card data increasing, it is imperative that security and fraud are an integral part of your eCommerce strategy. Criminals have gone high tech and have discovered that there is a significant amount of money to be had with very little risk. Fraud is not to be taken lightly.

Advansys has achieved the highest level, Tier 1 Compliance Certification with the Payment Credit Card Industry Data Security Standard (PCI DSS) which demonstrates that all of our business processes and infrastructures meet the highest level of security throughout the life-cycle of a credit card transaction.

The Highest Level of Security: PCI DSS Level 1

There are the four levels of PCI compliance as mandated by the Payment Card Industry Security Standards Council (PCI SSC), which is made up of MasterCard Worldwide, Visa, American Express, Discover Financial Services and JCB International. Advansys has the highest Tier 1 Compliance Certification.

Companies that meet Level 1 compliancy must have yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor.

Any company at levels 2, 3 or 4 complete an annual Self Assessment Questionnaire.

Can you trust 'self-assessment' where your company information, reputation and client confidentiality is at risk? Potentially, but are you prepared to run the risk?

Is your eCommerce supplier PCI DSS Level 1 Compliant?

What Is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standards) are a set of technical and operational requirements that have been set up to protect card holder data. Any company that stores, processes, or transmits cardholder data must be PCI DSS compliant.

PCI DSS: 12 Security Requirements

The PCI Data Security Standards consist of 12 requirements that mirror best security practices. Complying to these will alleviate any vulnerabilities and thwart theft of cardholder data.

Build and maintain a secure network
- Firewall configuration to protect cardholder data
- Passwords and security parameters
Protect cardholder data
- Protect stored cardholder data
- Encryption of cardholder data
Maintain a vulnerability management program
- Latest anti-virus software
- Develop and maintain secure systems
Implement strong access control measures
- Restrict access to cardholder data
- Unique IDs for computer access
- Restrict physical access to cardholder data
Regularly monitor and test networks
- Track and monitor all access to networks
- Regularly test systems (penetration testing)
Maintain an information security policy
- Maintain a policy that addresses information security

For more information: https://www.pcisecuritystandar... Security: Fraud Screening

Here at Advansys we take data security seriously. Aside from being PCI DSS Level 1 complaint, the advansys Ecommerce Management System includes advanced security features to protect your business from hacking, fraud and other security risks.

Preventing online fraud is a challenge and there is no 100% full-proof way to avoid it. The steps below however should be used to determine the likelihood of a transaction being fraudulent.

3D Secure Test

By implementing 3D secure you can be confident that the shopper making the purchase is the true card-holder. It is estimated that 80% of all chargebacks/disputes fall into the “friendly fraudster" category so by checking for 3D secure, even if the cardholder is not enrolled, the liability is shifted back to the card issuer and not the merchant.

BIN/IIN Check

The BIN (Bank Identification Number) or IIN (Issuer Identification Number) as it is now called is the first 6 digits of the PAN (Primary Account Number) or long card number. One way to check if the shopper actually possesses the card they used on the website is to call and ask them if they can confirm which bank issued the card to them. Whilst in isolation this does not guarantee they have the physical card in their possession, it is a positive indicator and allows you to check the card against a BIN database.

Maximum Value Check

This checks the total value of an order, which could be an indicator of fraud if it is unusually high for your store. Large order values carry increased risks and consumers usually wouldn't place a large order for their first purchase. These orders can then be dealt with using BACS and goods should only ever be shipped once payment has cleared to a traceable/contactable address.

Know Your Customer (KYC) Checks

These checks involve being able to identify and trace the shopper, if needed.

Email Address – Any free email accounts such as live.com, yahoo.com, gmail.com etc should be treated with extreme caution as they can be freely and easily created and are the common choice of fraudsters. An email at a valid domain is better as it is more traceable

Telephone – We should always be able to capture a landline phone number. In doing so the person is traceable via BT or their telecoms provider. Whilst some users do not have landlines and instead rely on their mobiles this carries increased risk and these orders should be treated as suspicious

Reviews

What Our Customers Say

We have been working with Advansys for a number of years now. Recently, we asked them to implement an integration for an automatic e-signature process (in order to streamline our operations). Advansys stepped up to the Challenge, with the team communicating with ourselves and the e-signature provider, in order to deliver a great integration. They also supported us post-go-live to ensure everything was stable.

Reach Centrum Ltd

Really helpful team who explain everything clearly and concisely and are always available to assist with issues as and when they arise.

Ledbury Town Council

We have had our website with Advansys for a few years now, it was a breath of freshair working with the team and updating our tired website. Recently we have wanted to add some extra modules. It was good to be able to speak with the to explain what we wanted and to work with them again.

Trident Engineering Ltd

My Website of almost 20 years crashed and all was lost. The world was at an end for Easy Care Systems, BUT….. Advansys to my rescue. Awesome, Brilliant, Fantastic. I could not rate Advansys high enough and I wish there were more stars to rate the company and the team. From scratch to over 500 products with custom coding and constant emails and phone calls from me they pulled it out of the bag. Thank you to the brilliant team that worked so hard on the NEW and improved Easy Care Systems website. “ADVANSYS I thank you”

Easycare Systems Ltd

Writing reviews is something I’m not known for, but in the case of Advansys, it has to be said that after years of experience dealing with companies that fail to deliver the right services, Advansys just nail it. Looking to develop and progress our business further, we tasked Advansys to design & build an extremely complex website. The team listened to our needs, gave good constructive feedback, and delivered the most well designed and slick website our company has ever seen. We look forward to working long-term with Advansys, and have already begun planning the next phase of development for our business.

Forth Windows Ltd

Payment Data Security and Fraud

Is your eCommerce supplier PCI DSS Level 1 Compliant?

The Highest Level of Security: PCI DSS Level 1

What Is PCI DSS?

PCI DSS: 12 Security Requirements

3D Secure Test

BIN/IIN Check

Maximum Value Check

Know Your Customer (KYC) Checks

Reviews

Contact us

Follow us

Head office

London office

We would love to hear from you