Data breaches incidents have caused businesses to lose their reputation and trust besides financial losses. Many data breaches incident caused from poor control on the use of third party services. Answering these challenges, Elitery Data Center has successfully achieved PCI DSS certification version 3.2.
Implementation of PCI DSS Certification (Payment Card Industry Data Security Standard) version 3.2
It is important to have a process in analyzing how changes can affect the environment and the security controls that depend on the organization to protect cardholder data. This PCI DSS requirement applies not only to card-processing companies, but to all related environments, such as third-party data center facilities and IT outsourcing services.
PCI DSS is a system that protects Customer Information Data (Banking, Financial Institutions, and Personal), from various Identity Data theft threats when conducting Financial / Banking Transactions, Online Transactions (e-money), and use of Credit Card or Debit Card. PCI DSS certification version 3.2 was achieved by Elitery in early October 2017 from the International Certification Agency headquartered in Canada.
PCI DSS Evironment Scope
PCI DSS security requirements apply to all system components that are included or connected to the cardholder data environment. The cardholder data environment (CDE) consists of the people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices, and applications.
Examples of system components include but are not limited to the following:
- Systems that provide security services, facilitate segmentation, or may affect the security of the CDE (cardholder data environment).
- Virtualization components such as virtual machines, virtual switches / routers, virtual equipment, virtual / desktop applications, and hypervisors.
- Network components include but not limited to firewalls, switches, routers, wireless access points, network equipment, and other security equipment.
- Server types include but are not limited to web, application, database, authentication, e-mail, proxy, Network Time
- Protocol (NTP), and Domain Name System (DNS).
- The software includes all purchased and custom software, including internal and external software.
- Other components or devices that are inside or connected to CDE.
Use of Third Party Service Providers / Outsourcing
Service providers and merchants may use third party services to store, process or transmit cardholder data on their behalf, or to manage components such as routers, firewalls, databases, physical security, and / or servers.
Elitery is qualified to be an outsourcing data center facilities and IT management services. Especially for financial institutions, fintech, e-commerce, insurance and all organizers of financial transactions. Thus, your business can also meet the requirements of PCI DSS by partnering with Elitery.
Each company (service provider) must be compatible with PCI in accordance with its information handling procedures to PCI DSS requirements.
If your company stores, transmits or processes credit cardholder data, make sure the data center facility you use complies with PCI DSS.
Your transaction data and customer accounts are more secure by being in an environment that meets the requirements of PCI DSS.
Elitery as a data center provider and IT management services, has a special responsibility to follow PCI Compliance.
Hopefully with this PCI DSS V.3.2 certification achievement, Elitery can continue to strengthen its IT services quality for your company.
Please contact our team for more information about Elitery PCI DSS V.3.2 certification.