Can you explain your PCI compliance program & level? You would like to determine if we are Payment Card Industry (PCI) compliant and at what level of compliance we are registered. You may need proof of compliance (an Attestation of Compliance) for your organization.
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).
To be in compliance with this standard, all of our Internet connections, assigned IP addresses, and all Internet connected servers (Web, email, DNS, etc.) must have no level 3, 4 or 5 severity vulnerabilities in their most recent security audit. Audits must be conducted at least every 90 days.
DoJiggy is a compliant Level 2 service provider. This designation signifies that we store, process and/or transmit less than 300,000 Visa transactions annually. Level 2 service providers complete an Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan to demonstrate compliance. See Visa's Provider's standards for more information.
We are responsible for demonstrating PCI compliance and do not allow outside 3rd parties to perform PCI scans on our infrastructure without our express permission. Scans done without our permission may be blocked by our security software, and may have false positives, invalid results, and incomplete PCI scoping. A 3rd party simply does not know what parts of our infrastructure are 'in scope', making any attempt to use an external PCI scan inherently invalid.
Attestation of Compliance
Please contact us to review a recent Attestation of Compliance. This document can be used to show PCI compliance.