What is PCI DSS Certification?
PCI DSS stands for Payment Card Industry Data Security Standard. It was developed to encourage and improve cardholder data security and to facilitate the broad adoption of consistent data security measures globally. It is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard, American Express, Discover, and JCB.
The PCI Standard is directed by the major card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data and so reduce credit card fraud resulting from its exposure. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA), who generates a Report on Compliance (ROC), for organizations dealing with large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.
PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
Qualified Security Assessor (QSA)
Qualified Security Assessor (QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI DSS standard. Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI DSS.
PCI DSS 3.0 SAQ A Compliance
To assist merchants and service providers in validating compliance with the PCI DSS, a number of Self-Assessment Questionnaires (SAQs) have been made available, each applicable to a specific payment scenario. Depending on the volumes of card data transacted, validation can be by self-assessment and the relevant SAQ documentation, rather than formal audit.
SAQ A applies to card-not-present merchants (e-commerce or mail/telephone order) who have completely outsourced all cardholder data processing functions and have no electronic storage, processing or transmitting of cardholder data. The service providers managing cardholder data on behalf of the merchant must also be validated as PCI compliant; otherwise their environment must also be assessed as part of the merchant’s compliance program.
Entirely outsourcing all cardholder data functions does not mean a merchant does not have to be PCI compliant, as cardholder data is still being processed (by a third-party) using their merchant ID. However, the requirements that the merchant must comply with are minimal.
Completing and maintaining SAQ A is therefore a fairly trivial exercise for merchants, and the requirements address two key areas. Firstly, any paper copies of cardholder data (such as merchant copy receipts or reconciliation reports) must be physically protected or destroyed. Secondly, a list of service providers should be maintained and their compliance status monitored. This type of SAQ would not be applicable to face-to-face channels.
PCI DSS Certification by Panacea InfoSec
Panacea InfoSec is a leading PCI DSS compliance service provider, ideally placed to help organizations become compliant and stay compliant with this standard. All organizations that store, transmit or process cardholder information need to comply with the standard. Panacea InfoSec offers PCI DSS compliance assessment services tailored to each client's specific requirements.
Recognized by the PCI (Payment Card Industry) Security Standards Council as a PCI DSS QSA, Panacea Infosec Pvt. Ltd. is the only PCI QSA company based out of Northern India.
PCI DSS Certification to Pandaje Tech
Pandaje Tech is enrolled in Panacea InfoSec's compliance program to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS) mandated by all the major credit card brands. The type of certification Pandaje Tech has is “PCI DSS 3.0 SAQ A Compliance”, assuring customers of secure online payments certified by professionals. This certification is offered by Panacea Infosec Pvt. Ltd., which is accredited by the PCI (Payment Card Industry) Security Standards Council to provide such certification officially.