Cardinity Certified as a PCI-DSS Level 1 Service Provider

Payment security 2021 January 5

Cardinity, a credit and debit card payment processing service provider, has completed PCI-DSS (Payment Card Industry Data Security Standard) Level 1 Service Provider Certification. Transitioning from PCI DSS Level 2 to PCI DSS Level 1 requires a lot of preparation and resources. As Cardinity complies with the rigorous PCI standard, online merchants using Cardinity services can be sure that they are using payment services protected by the highest standard.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that deal with branded credit and debit cards. It is a compulsory set of requirements that organizations are supposed to meet in order to reduce the risk of any criminal activity related to storing and processing credit and debit card data. Although PCI DSS applies to all companies that accept, process, store or transmit credit and debit card data, there are four PCI DSS levels, which are based on transaction volumes over a 12-month period. PCI DSS Level 1 is the highest security level.

PCI compliance levels

In short, in order to be PCI DSS compliant, a company must meet 12 security controls:

  1. Install and maintain a firewall configuration to protect cardholder data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored cardholder data.
  4. Encrypt transmission of cardholder data across open, public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.
  7. Restrict access to cardholder data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

Why is PCI DSS important?

  • Even though it was created a long time ago (in 2006), it is still a universally accepted standard which guarantees safe payments. It is mandatory for all payment service providers dealing with credit card information.
  • The main purpose of the PCI DSS is to prevent credit card fraud and set good practices for companies which deal with card information.
  • PCI DSS affects everyone involved in a transaction – the buyer, the merchant and the payment service provider.
  • Having a PCI DSS certificate can also boost customer confidence. Buyers are more likely to do business with a trusted company which handles sensitive customer information in a safe manner.
  • Not being PCI DSS compliant can cause severe issues for your company – from losing your customers' trust to enormous fines from the card networks.
  • If you maintain the PCI standard, it can also improve your operational activity and help you to detect and prevent both physical and network-based attacks.

Is PCI DSS mandatory?

Even though no law requires PCI DSS compliance, it is a universally used standard for any companies or organizations which handle credit card information. Consequently, failing to comply with the PCI regulations may lead to significant consequences.

What does this mean for Cardinity merchants?

In essence, it means that the transactions performed using the Cardinity payment gateway are protected to the fullest extent. At a time when e-commerce is becoming more prevalent than ever, the number of cases of credit card fraud has also increased. All in all, with Cardinity, merchants can be sure that their online businesses are all covered security-wise.