Felix completed its certification as a Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider. This certification followed a comprehensive audit of our technology, security, hosting environments, and internal processes, ensuring card data is stored, processed, and transmitted in a secure ecosystem.
Cardholder data security is one of the most significant issues currently facing the payments industry. The PCI DSS is a detailed security standard that includes requirements for security management, policies, procedures, infrastructure, software design, and other critical protective measures.
What is PCI DSS?
PCI DSS is a set of global standards to secure and safeguard card data through the payment process.
The PCI standards for compliance are governed by the PCI Security Standards Council (PCI SSC), consisting of American Express, Discover, JCB International, Mastercard, UnionPay, and Visa Inc representatives.
The PCI SSC does not have the legal authority to compel compliance. However, compliance is a requirement for any entity that processes a credit or debit card payment, and PCI certification is considered the global gold standard in the protection of sensitive customer information.
What is Level 1 PCI compliance?
Level 1 PCI compliance is one of four merchant compliance levels dictated by the yearly volume of card transactions. Level 1 is the highest level of PCI DSS compliance and makes provisions for processing more than 6 million transactions annually.
PCI DSS Level 1 – greater than 6M Mastercard or Visa transactions annually, OR, a merchant that experiences a data breach, OR, a merchant deemed level 1 by a card association.
PCI DSS Level 2 – between 1M and 6M Mastercard or Visa transactions annually.
PCI DSS Level 3 – between 20,000 and 1M Mastercard or Visa transactions annually.
PCI DSS Level 4 – less than 20,000 Mastercard or Visa e-commerce transactions annually, OR up to 1M Mastercard or Visa transactions annually.
The PCI DSS covers 12 categories of requirements
The 12 PCI DSS categories cover the security management, policies, procedures, network architecture, and software design requirements that service providers must adhere to when protecting sensitive data.
Build and Maintain a Secure Network and Systems
1: Install and maintain a firewall configuration to protect cardholder data.
2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
3: Protect stored cardholder data.
4: Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
5: Protect all systems against malware and regularly update anti-virus software or programs.
6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
7: Restrict access to cardholder data by business need to know.
8: Identify and authenticate access to system components.
9: Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
10: Track and monitor all access to network resources and cardholder data.
11: Regularly test security systems and processes.
Maintain an Information Security Policy
12: Maintain a policy that addresses information security for all personnel.
Felix takes security seriously and underwent a rigorous auditing process conducted by a PCI Security Standards Council Qualified Security Assessor (QSA). The assessment was conducted by Dara Security, an award-winning security-focused company founded by leaders in the information security industry. Dara Security has worked with numerous retail organizations, e-commerce sites, payment application software vendors, financial institutions, medical organizations, and many other businesses in compliance and risk management.
For more information about the Felix technology, please contact our customer success team.