PCI DSS

The "Payment Card Industry Data Security Standards" ? PCI DSS in short ? are the globally valid security standards of the leading international credit card organisations.

Basically, all companies that accept cards and process, store or transfer data are obliged to prove their compliance with the PCI DSS security requirements. This applies to ConCardis just as much as it does to online and mail-order businesses or actual retail shops.

If these standards are not complied with, then in the worst cases of abuse or loss of card data, there is a risk of large fines and costly lawsuits.

The advantages to you

Increased data security and protection of your customers
More customer confidence and thus potential for more credit card use and higher turnover
Greater security from financial loss and claims for damages due to security breaches
Protecting the company's image by avoiding card data abuse
Evaluation of the amount of security afforded by systems that store, process and/or transfer cardholder data
Reduction of the business risk thanks to data minimisation and avoidance

Towards PCI-DSS certification thanks to ConCardis

ConCardis customers and partners can check on the Internet platform www.pciplatform.concardis.com whether they satisfy the PCI requirements and obtain certification. In the process, they will receive comprehensive data about the information and documentation processes they have to comply with.

The platform is an initiative of ConCardis and usd AG, an authorised PCI certifier.

PCI-DDS requirements

Set-up and maintenance of the firewall configuration to protect the data
No use of the system passwords or other security parameters preset or supplied by the retailer
Protection of stored data
Encrypted transfer of cardholder data and sensitive information through public networks
Usage and regular updating of anti-virus programs
Development and maintenance of secure systems and applications
Limitation of access to data based on the “need-to-know” principle
Allocation of unique identifiers to all people with computer access
Limitation of physical access to cardholder data
Tracing and supervision of all access to network resources and to cardholder data
Regular checks of security systems and processes
Maintenance of information security policies

Retailer categories and requirements

Dealer- Category	Self assess- ment	Security scan	Security audit
Level 1 > 6 million transactions per year with MasterCard and/or Visa via all sales channels (POS, e-Commerce, MOTO)	-	4 x per year¹	1 x per year
Level 2 1 to 6 million transactions with MasterCard and/or Visa via all sales channels (POS, e-Commerce, MOTO)	1 x per year	4 x per year¹	1 x per year
Level 3 20,000 to 1 million e-Commerce transactions per year with MasterCard and/or Visa	1 x per year	4 x per year¹	-
Level 4 All others	1 x per year	4 x per year¹	-