PCI DSS Compliance Update May 8, 2009
People often ask us about security, especially when talking about credit cards, but in general they want to know their information is safe with us: safe from evil-doers, protected from loss and safe from accidental disclosure.
Today we completed our latest Payment Card Industry Data Security Standard (PCI DSS) review. This involves internal scans, external scans, and code and policy reviews, and only when every box is checked affirmative are you recognized as “PCI Compliant”. We’ve spent a lot of time and money on security, not just for the sake of compliance but to protect our customers, and we’re proud of our compliant status. We haven’t posted these in the past, but I wanted to share some of the details for those who are curious:
- Pukka Software PCI DSS SAQ (PDF, 178kb)
- Pukka Software PCI Scan Summary by Qualys (PDF, 40kb)
If you flip through the SAQ and are not an IT person, your eyes will quickly glaze over and you’ll realize how happy you are that we deal with it on your behalf. If you are an IT person, your eyes will burn like you’ve been maced and you’ll realize how happy you are that we deal with it on your behalf.
We achieved compliance through a combination of internal effort and vendors who supply some part of our payment processing infrastructure. We couldn’t be compliant or secure without the help of our trusted partners Layer42 Networks in Santa Clara, Braintree Payment Solutions in Chicago and Greensoft Hosting in Kansas City.