Adeptra Inc. has been independently assessed and deemed compliant with the Payment Card Industry Data Security Standard (PCI DSS) as part of its commitment to safeguarding its customer data.
Trustwave, a leading provider of information security and compliance management solutions to businesses and organisations throughout the world, performed the PCI DSS review.
PCI DSS is the payment card industry security standard for entities that process, transmit or store cardholder data, and has been endorsed by all the major card brands Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The PCI DSS is a framework for the secure handling of cardholder data.
Under the PCI DSS, payment service provider compliance requirements are segmented into three levels based on the number of transactions processed and/or transmitted annually.
To obtain PCI DSS compliance, Adeptra had to meet the stringent security requirements of the credit card brands, submitting to a rigorous review of its information security policies, procedures and IT environment, which included the following:
Gap Analysis: Determines the effectiveness of current security controls Compliance Validation Services: Remote and on-site data security and compliance management solutions to complete the PCI validation process, address any discovered vulnerabilities and achieve and maintain PCI compliance.
Vulnerability Scanning: A remote scan of a merchants transaction network to detect weaknesses that could be exploited by hackers or unauthorised third-parties. Penetration Testing: Ethical “hacking” of an IT environment Remediation Recommendations: A Compliance Report that includes data gathered from the Self-assessment Questionnaire and vulnerability scan, and outlines actions required to address any vulnerabilities On-Site Review: Required by PCI DSS regulations, a yearly on-site assessment of the IT environment, specifically at both data centers and corporate offices
Report on Compliance (ROC): To benchmark Adeptra with the PCI DSS