PCI DSS compliance
PCI DSS (Payment Card Industry Data Security Standard) is the common security standard of the payment card industry. Every organization that stores, processes or transmits payment card data, or other sensitive data used for customer or payment authentication, must be audited for compliance with this standard.
If you plan to use direct integration, that is, host your own payment page and collect payers' card data yourself, you must hold PCI DSS Level 1 certification (regardless of your transaction volume).
Documents required to confirm compliance with the standard:
- Attestation of Compliance (AoC) for Level 1, issued no more than 9 months ago (the assessment must be repeated annually). This document establishes:
  - At what level the payment data security standards were assessed (self-assessment or an official Level 1 assessment with third-party confirmation).
  - Which specific requirements and sub-requirements are certified as compliant (or non-compliant) with the standard.
  - The date of the most recent assessment.
- Vulnerability Scan Report from an Approved Scanning Vendor (ASV), performed no more than 90 days ago. An ASV scan is an automated check of every Internet-facing connection point of your information infrastructure for known vulnerabilities; it must be performed quarterly.
- PCI DSS certificate (optional).
These documents must be submitted to our compliance department via Tranzzo Support before the live project is activated and before you begin accepting payments.