The Multiple Levels of PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard covering the policies, practices and data handling of organizations that store, manage, transmit or process payment card information. Depending on the number and type of transactions, a company may be required to meet a portion of PCI requirements or the full set of more than 200 requirements.
Trusted by Some of the Biggest Brands in the Market
Full PCI compliance is not merely managed at the data center level; it includes the policies, practices and reporting regarding the handling of data. Some of the biggest retail brands trust Concerto Cloud Services not only to provide PCI-compliant platforms that secure their customer payment card data, but also to deliver the necessary uptime for the heaviest web traffic and busiest shopping seasons.
Concerto’s PCI Package contains all of the necessary components for a fully managed PCI-compliant platform. Merchants processing credit cards are required to pass an annual assessment of PCI DSS compliance. The assessment type results in a standard of quality (SAQ) in one of four different categories: A, B, C and D. Each SAQ is intended to address different circumstances depending on how a company stores, processes or transmits cardholder data. SAQ D encompasses the full set of over 200 requirements and covers the entirety of the PCI DSS.
Concerto Cloud Services has attested to meeting all four standards of the SAQ and provides the following services in our PCI Package.
Concerto Cloud Services PCI Package
| Application Firewall and Hardening |
| Security Information and Event Management (SIEM) |
| Syslog (Logging) |
| Two-factor authentication |
| Encryption: FIPS-140-2 |
| Internet Load Balancing |
| Dedicated Spotlight Server |
| Patching of the required infrastructure and operating system components |
| 4 Vulnerability Tests (1 per quarter) and 1 Penetration Test per year with a report to the customer of the findings |