PCI Compliance: How Customer and Payment Data is Protected
PCI DSS Compliance
PCI DSS stands for “Payment Card Industry Data Security Standard.” The standard is maintained by the PCI Security Standards Council, which was founded by the major card brands (Visa, Mastercard, American Express, Discover and JCB) to ensure sensitive payment data is securely processed, transmitted, and stored.
It’s important that service providers comply with PCI DSS: non-compliance can result in fines from the card brands (passed on through the acquiring bank), liability for fraud losses, and ultimately loss of the ability to accept cards. The PCI DSS applies to any business or organization that stores, processes, or transmits cardholder data, or that can affect the security of that data.
Level 1 PCI Compliance
Our selected payments partner, Stax, is a Level 1 PCI Service Provider. Level 1 is the highest validation level, reserved for service providers handling the largest annual transaction volumes, and it carries the most rigorous validation requirements: an annual Report on Compliance (RoC) produced by a Qualified Security Assessor (QSA) after an on-site assessment (or, where the card brands accept it, by a certified Internal Security Assessor), together with quarterly external vulnerability scans by an Approved Scanning Vendor (ASV). Lower-volume service providers may instead self-assess with a Self-Assessment Questionnaire; a Level 1 provider may not.
End-to-End Encryption and Tokenization
Beyond the baseline that PCI DSS requires, Stax takes a number of further steps to secure cardholder data.
Card data is encrypted on the processing device at the moment of capture and is not retained once the transaction completes. Our payments partner’s cloud architecture is tested continuously for vulnerabilities. End-to-end encryption means the primary account number (PAN) is encrypted before it leaves the card reader or payment form and is only decrypted inside the processor’s secure environment, so anyone who intercepts it in transit, including the merchant’s own systems, sees only ciphertext. Tokenization then replaces the PAN with a random surrogate value (a token) that is stored in its place for receipts, refunds and recurring billing. The token carries no information from which the PAN can be derived, so a breach of the merchant’s systems exposes no card numbers, and the merchant’s PCI DSS scope shrinks accordingly.
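The tokenization described above, as an added example that is not Stax’s or this page’s code: a minimal vault that issues random, format-preserving tokens and is the only component able to reverse them, a receipt-safe masking helper, and a check showing why an unkeyed hash of the PAN is not a substitute for a token (PCI DSS only accepts keyed hashes, and forbids storing a truncated PAN beside a hash of the same PAN that would let the two be correlated). The vault design, the token format (last four digits kept, remainder random and deliberately Luhn-invalid) and the test card number are assumptions for illustration.

```python
import hashlib
import secrets
from typing import Dict, Optional

# Added example: vault-based tokenization vs. an unkeyed hash. The vault layout,
# token format and sample PAN are assumptions; this is not Stax's implementation.

SAMPLE_PAN = "4111111111111111"  # constructed Luhn-valid test number, not a real card


def luhn_check(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 checksum."""
    digits = [int(c) for c in pan]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:  # every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Receipt-safe rendering: PCI DSS permits at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class TokenVault:
    """Maps PANs to random surrogate tokens. Only the vault can reverse the mapping."""

    def __init__(self) -> None:
        self._token_to_pan: Dict[str, str] = {}
        self._pan_to_token: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not 13 <= len(pan) <= 19 or not luhn_check(pan):
            raise ValueError("not a syntactically valid PAN")
        if pan in self._pan_to_token:  # one stable token per PAN (for recurring billing)
            return self._pan_to_token[pan]
        while True:
            # Format-preserving token: last four kept for display, the rest drawn from a
            # CSPRNG. Rejected if it happens to pass Luhn, so a token can never be
            # mistaken for (or collide with) a real card number.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if not luhn_check(token) and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Reverse lookup; in a real deployment this is the one privileged operation."""
        return self._token_to_pan[token]


def unkeyed_hash(pan: str) -> str:
    """What a naive 'tokenizer' might store instead of a random token."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_pan_from_hash(bin6: str, last4: str, digest: str) -> Optional[str]:
    """Brute-force the six unknown middle digits of a 16-digit PAN given the masked
    PAN (BIN + last four) and its unkeyed SHA-256: at most 10**6 hashes, i.e. seconds."""
    for middle in range(10**6):
        candidate = f"{bin6}{middle:06d}{last4}"
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    print("masked:", mask_pan(SAMPLE_PAN))
    print("token :", token, "(Luhn-valid:", luhn_check(token), ")")
    print("vault reverses it:", vault.detokenize(token) == SAMPLE_PAN)
    recovered = recover_pan_from_hash(SAMPLE_PAN[:6], SAMPLE_PAN[-4:], unkeyed_hash(SAMPLE_PAN))
    print("unkeyed hash + masked PAN recovers the card:", recovered == SAMPLE_PAN)
```

The point of the last function is the practitioner’s caveat: a token is safe because it is random, not because it is unreadable. A hash looks just as opaque, but the PAN keyspace is tiny once the BIN and last four are known, so a hash is only acceptable if it is keyed with a secret held in the same kind of vault as the token mapping.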
Customer Data Protection
We take security seriously for all of our customers. As part of our commitment to them, Stax’s technology is backed by a team of security experts. Stax is also a payment facilitator: our customers are onboarded as sub-merchants under Stax’s own merchant agreement, which speeds onboarding while keeping the cardholder data environment, and most of its PCI DSS obligations, with Stax rather than with each customer.
They use only PCI- and FIPS-approved cryptographic protocols (FIPS: Federal Information Processing Standards), and use TLS 1.3 exclusively for data in transit. This layered approach to security means you can accept and manage payments in one of the industry’s most secure environments.
For both us and our customers, we understand fraud is a common concern. Fraud prevention is an integral part of our extensive security measures for cardholder data. Stax's proactive technologies monitor and investigate accounts for any possible unauthorized charges.
All of their programs are PCI compliant through integrations with financial partners, with “Know Your Customer” (KYC) and Customer Identification Program (CIP) checks to verify merchants, their businesses, and their funding accounts before they can accept payments. Their team continuously monitors for and acts on fraud across all of our customers’ accounts.
The GDPR, or General Data Protection Regulation, is a European Union law that protects personal data. It took effect on May 25, 2018, and violations can result in steep penalties. The GDPR applies to the personal data of individuals in the EU, and to organizations established there, wherever the processing takes place; our payments partner has aligned its practices with it where appropriate as part of our commitment to transparency, data protection, and accuracy.
Stax is committed to securing sensitive cardholder data. As a Level 1 PCI Service Provider, they take the utmost care in protecting this data, and they use a range of security measures to prevent fraud and maintain PCI DSS compliance across all of their services. Their team works closely with ours to ensure everything operates within PCI standards.
If you have any questions about security with Stax, please reach out to us at firstname.lastname@example.org.