PCI DSS Compliance Update May 8, 2009
People often ask us about security, especially when talking about credit cards, but in general they want to know their information is safe with us: safe from evil-doers, protected from loss and safe from accidental disclosure.
Today we completed our latest Payment Card Industry Data Security Standard (PCI DSS) review. This involves internal scans, external scans, code and policy reviews and only when every box is checked affirmative are you recognized as “PCI Compliant”. We’ve spent a lot of time and money on security, not just for the sake of compliance, but to protect our customers and we’re proud of our compliant status. We haven’t posted these in the past but I wanted to share some of the details for those who are curious:
If you flip through the SAQ and are not an IT person, your eyes will quickly glaze over and you’ll realize how happy you are that we deal with it on your behalf. If you are an IT person, your eyes will burn like you’ve been maced and you’ll realize how happy you are that we deal with it on your behalf.
We achieved compliance through a combination of internal effort and vendors who supply some part of our payment processing infrastructure. We couldn’t be compliant or secure without the help of our trusted partners Layer42 Networks in Santa Clara, Braintree Payment Solutions in Chicago and Greensoft Hosting in Kansas City.