%kb_name - %short_descr - Knowledge Portal

PCI Compliance Information

Any business that stores, processes or transmits cardholder data is required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Based on the volume of transactions occurring on the Four51 OrderCloud application, Four51 is currently PCI DSS Level 3 compliant.

The PCI Data Security Standard is managed by the Cardholder Information Security Program which was developed to protect credit card data across all points of a transaction ensuring that cardholders, merchants and service providers maintain the highest information security standards.

PCI compliant credit card processing service providers are required to adhere to a standard set of 12 security practices.

Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security

Upon inception of PCI, Four51 was required to be PCI Level 1 compliant. Four51 passed the rigorous third party audit by a qualified security assessor (QSA) in order to achieve compliance with the PCI DSS and obtain the required program validation. As the PCI DSS requirements have changed to reflect transaction volume, Four51 is now required to be Level 3 compliant. This level of compliance requires:

Approval by a merchant bank of our annual Self Assessment Questionnaire ("SAQ D")
Quarterly network scans conducted and approved by a certified scan vendor (ASV Qualys)
Attestation of Compliance

By complying with the PCI Data Security Standard, Visa members, merchants and service providers not only meet their obligations to the payment system, but also build a culture of security that benefits everyone.