The Payment Card Industry Data Security Standards (PCI DSS) acts as a standard for handling card data securely. Tazapay is currently PCI DSS 3.2.1 Level 1 Certified - the highest level of certification for this security standard.
The Payment Card Industry Data Security Standards (PCI DSS) is a set of standards put in place by the Payment Card Industry Security Standards Council (PCI SSC) to ensure that customer data, especially credit card information, is handled securely when payment companies help customers make transactions online.
Handling data in compliance with PCI DSS requires:
- Assurance that customer card details are collected and transmitted securely during the online transaction.
- Secure data storage, including encryption, ongoing monitoring, and security testing of access to card data.
- Annual validation of security controls. This includes using forms, questionnaires, external vulnerability scanning services and third-party audits.
Tazapay's Level 1 compliance now means that we have passed the audits required to process more than 6 million transactions yearly by card. To do so, we are required to pass the following assessments:
- Annual Report on Compliance (ROC) issued by a Qualified Security Assessor (QSA), which is also known as a Level 1 Onsite Assessment
- Quarterly network scan by a vendor from the list of Approved Scan Vendors (ASV), and
- Attestation of Compliance (AOC) for Onsite Assessments