Can you explain your PCI compliance program & level?

Synopsis
You would like to determine if we are Payment Card Industry (PCI) compliant and at what level of compliance we are registered. You may need proof of compliance (an Attestation of Compliance) for your organization.

Solution
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB).

To be in compliance with this standard, all of our Internet connections, assigned IP addresses, and all Internet connected servers (Web, email, DNS, etc.) must have no level 3, 4 or 5 severity vulnerabilities in their most recent security audit. Audits must be conducted at least every 90 days.

DoJiggy is a compliant Level 2 service provider. This designation signifies that we store, process and/or transmit less than 300,000 Visa transactions annually. Level 2 service providers complete an Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan to demonstrate compliance. See Visa's Provider's standards for more information.

Scanning Procedures
We are responsible for demonstrating PCI compliance and do not allow outside 3rd parties to perform PCI scans on our infrastructure without our express permission. Scans done without our permission may be blocked by our security software, and may have false positives, invalid results, and incomplete PCI scoping. A 3rd party simply does not know what parts of our infrastructure are 'in scope', making any attempt to use an external PCI scan inherently invalid.

Any party attempting to scan our site as above will be in violation of our terms of use.

Please see our current PCI scan results and attestation provided below, and provide that to any requesting party. Contact us if you need a more recent scan.

We have attached a recent Attestation of Compliance here (March 2, 2018). This document can be used to show PCI compliance.

0 Comments

Article is closed for comments.