Payment Card Industry Data Security Standard (PCI DSS) FAQ
Your Information Is Safe!
The PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for all parties involved in processing credit & debit card transactions – including acquirers, service providers, and merchants – to ensure secure transmission and storage of cardholder data.
Continuous compliance with the standard is mandatory for all specified parties, but periodic certification of compliance is also required in various capacities.
We never even see your credit card data, just the last four digits. Your data is encrypted and the transaction happens between the secure gateway and the bank; we simply get the record of the transaction and your last four. Thus your data is never stored on our servers and
Wave Tribe Goes Above & Beyond The Mandatory
The PCI SSC (Security Standards Council – to learn more, click here). The standard was introduced in 2004 as a result of collaboration between Visa and MasterCard. In 2006, they handed off the responsibility of maintaining the standard to the SSC, which is a joint effort of Visa, MasterCard, Discover, JCB, and American Express. Although the SSC has exclusive authority to set requirements, it does not participate in compliance enforcement. The card brands themselves are responsible for enforcing compliance for all transactions conducted with their own cards. They accomplish this through policy enforcement with their member banks (acquirers). The member banks, in turn, enforce compliance with merchants. Consequently, if you wish to process major credit cards, you must do so through members of the card brands, who mandate PCI DSS compliance measures in their service contracts.
Wave Tribe Follows These 12 Requirements
According to the SSC, there are 12 requirements for service providers to achieve compliance:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
To help service providers remember the requirements, the SSC has even created a catchy tune with an animated video. You can watch it here. To view the requirements spelled out in thorough detail, click here (click "Accept" at the bottom, then select "English: pdf" or "English: doc").
As mentioned previously, compliance enforcement is the responsibility of the card brands themselves. You can find full service provider compliance requirements at each card brand's website:
Since all card brand programs are designed to help service providers achieve compliance with the same standard, they are quite similar in a number of ways. The main components are: