PCI Hosting - Redbee

PCI Certified Hosting

Redbee has extensive experience in designing and maintaining environments that are PCI compliant. Systems designed by Redbee have been audited succesfully by independend auditors several times. Based on this experience we created the following services:

PCI secure hosting
PCI audits
PCI advies
Certified QSA

Contact us for more information about our PCI-DSS services. Dependent on the needs we can create an advice taylored to your situation.

What is PCI

There are multiple standards to secure ICT-systems and environments. When systems handle creditcard data, store creditcard data or process creditcard transactions, the Payment card industry (PCI) security standard applies. This standard, PCI-DSS, is used globally as a framework to protect creditcard data from misuse and theft. The PCI-standard is public and available through the PCI website.

How do I become PCI compliant?

To become PCI compliant, a number of issues have to be addressed regarding infrastructure, software use, software development, system administration, policies and procedures and emergency plans. All rules are centered around the fact that creditcard data must always be secure and never compromised.

Dependent on the type of merchant, each year an on-site audit will be required, executed by a Qualified Security Assessor (QSA). These auditors check if the PCI standard is followed. Also periodic security scans have to be executed. These scans are both external (penetration-tests) as internal. For smaller merchants the yearly on-site audit is not required. These merchants will have to file a completed Self-Assessment Questionair (SAQ). For more information regarding the merchant levels, see the table below.

How can Redbee help me?

Redbee has multiple customers that are PCI compliant. The customers are in all PCI levels, from 1 to 4. We have experience in assisting at on-site audits and completing the SAQ. When you have to comply to the PCI standard, we can help you accomplish this. As a Redbee customer, take advantage of our experience with PCI. Multiple of our staffmembers are CISSP certified, and we have a close co-operation with Fortytwo, one of the few Dutch PCI-QSA's.

For questions regarding PCI, or secure hosting in general, don't hessitate to contact us.

Level/Tier¹	Merchant Criteria	Validation Requirements
1	Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region ²	Annual Report on Compliance (ROC) by Qualified Security Assessor (QSA) Quarterly network scan by Approved Scan Vendor (ASV) Attestation of Compliance Form
2	Merchants processing 1 million to 6 million Visa transactions annually (all channels)	Annual Self-Assessment Questionnaire (SAQ) Quarterly network scan by ASV Attestation of Compliance Form
3	Merchants processing 20,000 to 1 million Visa e-commerce transactions annually	Annual SAQ Quarterly network scan by ASV Attestation of Compliance Form
4	Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually	Annual SAQ recommended Quarterly network scan by ASV if applicable Compliance validation requirements set by acquirer

Source: http://usa.visa.com/merchants/risk_management/cisp_merchants.html

¹ - Compromised entities may be escalated at regional discretion

² Merchant meeting Level 1 criteria in any Visa country/region that operates in more than one country/region is considered a global Level 1 merchant. Exception may apply to global merchants if no common infrastructure and if Visa data is not aggregated across borders; in such cases merchant validates according to regional levels.

Products & Services

Live advies

Support

Knowledge base

Search for articles in our knowledge base.

© 2010|
Disclaimer|
Redbee is a tradename of Fortytwo BV |
Site by memento