online payment gateway - eKashu

Payment Card Industry Data Security Standard (PCI DSS)

Certification
CreditCall Communications Ltd, the company operating the eKashu payment gateway service is certified as a Level 1 compliant provider under the Payment Card Industry Data Security Standard (PCI DSS). This is the highest level of compliance.

CreditCall is independently audited annually by a Visa Qualified Security Assessor (QSA) and is subject to rigorous security vulnerability scanning every three months.

Please click here to see our PCI DSS certificate of approval.

You can confirm CreditCall’s approval status on the Visa Europe website at:
http://www.visaeurope.com/documents/ais/service_providers.pdf?d=020307

And in the USA at:
http://www.usa.visa.com/download/merchants/cisp_list_of_cisp_compliant_service_providers.pdf


What is PCI DSS?
The current PCI DSS is the harmonisation of standards originally written by Visa and MasterCard International in order to establish a standard set of requirements throughout the payment card industry. The standard is applicable to all merchants and payment gateways that store, process or transmit cardholder data. Its twelve requirements are grouped under six goals:

To build and maintain a secure network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for passwords or other security parameters

To protect cardholder data
3. Protect stored data
4. Encrypt the transmission of cardholder data and sensitive information

To maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain more secure systems and applications

To implement strong access control measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

To regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

To maintain an Information Security Policy
12. Maintain a policy that addresses information security

Does PCI DSS affect eKashu merchants?
If you use the eKashu Payment Page you will not need to undergo a PCI DSS audit. With this system, the collection and storage of card details is carried out by CreditCall and is covered by our PCI DSS approval.

If you plan to use eKashu Virtual Terminal and collect the card details in order to enter them into the Terminal, it is advisable that you read through the PCI DSS requirements to make sure that you adhere to the best practice guidelines. If you process a very small number of transactions in this way, then it is advisable for you to make sure that you destroy any cardholder data once you have entered it into the Virtual Terminal, so that you never store any cardholder data yourself.

Merchants using CardEaseXML directly integrated within their website collect card details on their site before sending them to eKashu. If you choose to use CardEaseXML you will therefore need to ensure that you are PCI DSS compliant. The level of compliance will depend upon the number of transactions processed per year.

Merchants are currently categorised into 4 levels, namely:

Level 1
  Any merchant, regardless of acceptance channel, processing over 6,000,000 Visa transactions per year.
  Any merchant that has suffered a hack or an attack that resulted in an account data compromise.
  Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimise risk to the Visa system.
  Any merchant identified by another payment card brand as a Level 1.
  Requires: Annual Onsite Security Audit + Quarterly Network Scan.

Level 2
  Any e-commerce merchant processing 150,000 to 6,000,000 Visa transactions per year.
  Requires: Annual Self Assessment Questionnaire + Quarterly Network Scan.

Level 3
  Any e-commerce merchant processing 20,000 to 150,000 Visa transactions per year.
  Requires: Annual Self Assessment Questionnaire + Quarterly Network Scan.

Level 4
  All other merchants, regardless of acceptance channel.
  Strongly recommended: Annual Self Assessment Questionnaire + Annual Network Scan.


How do I comply?
Depending on your level of classification in the above table, you can either carry out a self-assessment or you will need a specialist company to audit your business. CreditCall uses a Qualified Security Assessor (QSA) called One Sec to carry out audits and assessments.


What happens if I do not comply?
If you fail an audit you will be given a period of time to make the recommended changes to your security procedures. If you refuse to comply with the audits, or if you experience a security breach, you may be subject to heavy fines and in extreme cases you may be prevented from accepting cards.


Online Payment Gateway CreditCall Communications Ltd.
Registered Office: Merchants House South, Wapping Road, Bristol BS1 4RW. Registered No: 3295353. VAT Registered No: 713 0076 80.