You would like to determine if we are Payment Card Industry (PCI) compliant and at what level of compliance we are registered. You may need proof of compliance (an Attestation of Compliance) for your organization.
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).
To be in compliance with this standard, all of our Internet connections, assigned IP addresses, and all Internet-connected servers (Web, email, DNS, etc.) must have no level 3, 4 or 5 severity vulnerabilities in their most recent security audit. Audits must be conducted at least every 90 days.
DoJiggy is a compliant Level 2 service provider. This designation signifies that we store, process and/or transmit fewer than 300,000 Visa transactions annually. Level 2 service providers complete an Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan to demonstrate compliance.
We have attached a recent Attestation of Compliance here (March 2, 2018). This document can be used to show PCI compliance.
See Visa's Provider's standards for more information.
NOTE: Effective February 1, 2009, Level 2 service providers will no longer be listed on Visa's List of PCI DSS Compliant Service Providers.