The most rigorous status in the industry
We hold PCI DSS Level 1 Service Provider status, the most rigorous status in the industry, so you can feel safe when partnering with us.
We work with you to design the system your business needs for PCI compliance
We will build your architecture and assist fully with migration and deployment
As a company that processes credit card transactions, or stores credit card information, you are a target. In June 2014, the motivation behind 58% of all hacking attempts was cyber crime. There are new security breaches in the news every few months, usually affecting millions of credit card holders.
This means obtaining PCI DSS compliance for your business is more than a regulatory necessity. It is the way to ensure your business, and your customers, are protected. The fines for non-compliance are contractual penalties levied by the card brands and passed on by your acquiring bank; they can reach £50,000, and an acquirer may also raise your transaction fees or withdraw your merchant account. However, the loss of trust in your business due to a security breach could be devastating. Contrary to popular belief, obtaining PCI DSS compliance doesn’t have to be hard. All you need is a trusted partner with the experience and commitment to help you.
We currently offer Level 1 PCI DSS compliant hosting to a range of businesses including multinational corporations in the travel insurance industry, online payment processors and e-commerce retailers. They turned to us because we know what is necessary to become, and stay, compliant:
Our network and management infrastructure is assessed on site every year by a Qualified Security Assessor, and the resulting Report on Compliance is submitted to Visa, which lists us as a Level 1 PCI DSS compliant service provider. Alongside the annual assessment we run quarterly external vulnerability scans through an Approved Scanning Vendor, and our hosting architectures are approved to process in excess of 24 million transactions per year.
Whether you need PCI Level 1, 2, 3, or 4 – or if you are not yet sure – our specialised technicians will work with you to create a solution tailored to your business. Our managed PCI services include the following:
We help you every step of the way: information security policies, secure network architecture design, and gap analysis.
We manage the network starting from a “deny-all” default firewall policy, in which only the traffic your cardholder data environment actually needs is explicitly permitted, then keep it current with the latest patches and anti-virus agents and require every remote user to authenticate with an individual, non-shared account. These measures keep you protected against the latest threats and fulfil the annual PCI DSS hosting compliance requirements.
Our customised penetration testing service provides a comprehensive analysis of your level of protection against compromise. This includes network and application penetration testing, together with the quarterly external vulnerability scans carried out by an Approved Scanning Vendor (ASV).
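To make the “deny-all” default concrete, here is an added example (not SysGroup's own configuration) of how a cardholder-data-environment web host can be provisioned with an nftables ruleset whose every chain drops unmatched traffic, permits only the load balancer, the database tier and an admin bastion, and logs each dropped packet for the audit trail. The network addresses, interface names and the `cde_ruleset` / `check_default_deny` helper names are hypothetical placeholders; the check function is a pre-apply guard that refuses any ruleset in which a chain falls back to `policy accept`.

```shell
#!/bin/sh
# Added example, not SysGroup's configuration: render an nftables ruleset for a
# hypothetical PCI cardholder-data-environment web host with a default-deny policy
# on every chain, and check it before applying. Addresses below are placeholders.
set -eu

# Hypothetical network layout: load-balancer subnet, database host, admin bastion.
LB_NET="${LB_NET:-10.10.1.0/24}"
DB_HOST="${DB_HOST:-10.10.2.10}"
BASTION="${BASTION:-10.10.9.5}"

# Print the ruleset to stdout. Apply on the host with:  cde_ruleset | nft -f -
cde_ruleset() {
    cat <<EOF
flush ruleset
table inet cde {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # Payment traffic only from the load balancer, and only over TLS
        ip saddr $LB_NET tcp dport 443 accept
        # Administrative SSH only from the bastion; users log in there individually
        ip saddr $BASTION tcp dport 22 accept
        # Log everything else before the default drop so the audit trail is complete
        log prefix "cde-input-drop: " flags all
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # The only outbound flow the app tier needs: the database
        ip daddr $DB_HOST tcp dport 5432 accept
        # Internal DNS/NTP resolvers would be added here as explicit rules
        log prefix "cde-output-drop: " flags all
    }
}
EOF
}

# Read a ruleset on stdin; succeed only if every base chain carries "policy drop"
# and no chain anywhere falls back to "policy accept".
check_default_deny() {
    ruleset=$(cat)
    chains=$(printf '%s\n' "$ruleset" | grep -c 'type filter hook' || true)
    drops=$(printf '%s\n' "$ruleset" | grep -c 'policy drop;' || true)
    if printf '%s\n' "$ruleset" | grep -q 'policy accept'; then
        return 1
    fi
    if [ "$chains" -gt 0 ] && [ "$chains" -eq "$drops" ]; then
        return 0
    fi
    return 1
}

# Weak variant for comparison: identical allow rules, but unmatched traffic passes.
weak_ruleset() {
    cde_ruleset | sed 's/policy drop;/policy accept;/'
}
```

The point of the guard is that a default-deny firewall is only as good as its fallback: the allow rules in both variants are identical, yet the weak one admits every port not listed, which is exactly what an ASV scan or a penetration test would flag.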
We are ready to work with your existing QSA, or can recommend one. Our experience means we understand the importance of the relationship between you and the QSA in making audits quick and efficient.
The key to a successful and painless audit is a proper log trail. We provide all the evidence (security logs, policies, testing results, etc.) you need to satisfy your QSA and demonstrate that the compliance requirements are met.
In addition to ensuring network performance, our constant monitoring means that nothing happens on the platform without being logged and documented. You will always have the evidence you need for your audit.
If your business processes credit card transactions, or keeps paper records of cardholder data, you need to be PCI DSS compliant. It doesn’t matter whether you take credit card orders over the phone, in person, on your website, or through a third party processor. The requirements for becoming PCI DSS compliant, though, depend upon how you take and maintain credit card information. If you have questions, contact us today and we can help you determine if you need PCI DSS compliant hosting.
The goal of many companies offering hosting for PCI compliance is just that – to get you a compliance certificate. They will help you do what’s necessary to check off the boxes and pass your audit. The solutions they offer will meet the minimum requirements for your PCI level.
At SysGroup we work with you to determine the right security solutions to meet your needs and regulatory requirements. Often this means that the services we provide exceed the standards set by PCI DSS.
Talk to us now to discuss how we can provide your perfect PCI hosting solution.
PCI compliance levels are determined by the individual card brands such as Visa and MasterCard. The following categories describe the criteria used by Visa; most other brands either defer to Visa's levels or use similar definitions to determine compliance levels.
Level 1: 6 million or more transactions per year
Level 1 compliance is required for any merchant processing six million or more transactions per year, regardless of channel. All transactions performed by the merchant are aggregated, whether they occurred over the phone, in person or online, and whether or not they are performed under multiple Doing Business As (DBA) organisations, provided the data is stored, processed or transmitted together. Visa also reserves the right to require Level 1 compliance of any merchant it determines needs it in order to protect the Visa system. In order to obtain and maintain Level 1 compliance, merchants need an annual on-site assessment by a Qualified Security Assessor resulting in a Report on Compliance, together with quarterly network scans by an Approved Scanning Vendor and an Attestation of Compliance form.
Level 2: between 1 million and 6 million transactions per year
Level 2 compliance is required for any merchant processing between one million and six million transactions per year, regardless of channel. All transactions performed by the merchant are aggregated, whether they occurred over the phone, in person or online. In order to obtain and maintain Level 2 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ), perform quarterly network scans by an Approved Scanning Vendor, and complete an Attestation of Compliance form.
Level 3: between 20,000 and 1 million e-commerce transactions per year
Level 3 compliance is required for any merchant processing between 20,000 and one million e-commerce transactions per year. All transactions performed by the merchant are aggregated if the data is stored, processed or transmitted together, even if the transactions are performed under multiple Doing Business As (DBA) organisations. In order to obtain and maintain Level 3 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ), perform quarterly network scans by an Approved Scanning Vendor, and complete an Attestation of Compliance form.
Level 4: fewer than 20,000 e-commerce transactions, or fewer than 1 million transactions through other channels, per year
Level 4 compliance applies to any merchant processing fewer than 20,000 e-commerce transactions per year, and to any merchant processing fewer than one million transactions per year via any other channel (telephone, in person, or other non-e-commerce channels). All transactions performed by the merchant are aggregated if the data is stored, processed or transmitted together, even if the transactions are performed under multiple Doing Business As (DBA) organisations. In order to obtain and maintain Level 4 compliance, it is recommended that merchants complete an annual Self-Assessment Questionnaire (SAQ), perform quarterly network scans by an Approved Scanning Vendor where applicable, and complete any additional requirements set by their merchant bank.