It is official: ReceiptHero is now PCI DSS Level 1 certified!
But what does this level of certification mean for our product and for our customers? Below we go into what PCI DSS is, why it applies to us and what was validated.
Data privacy, data security and fraud prevention will only become more important as more business shifts online. We are reminded almost daily that companies must have the right security procedures in place; safeguarding consumer information has to be taken seriously.
ReceiptHero understands that we have an active role in mitigating these risks for our clients and for their end customers.
Why become PCI Compliant?
Even though ReceiptHero does not process any financial transactions (these are processed by the Payment Service Providers currently integrated with ReceiptHero), we still handle cardholder data on its way to those providers, and that alone places us in scope of PCI DSS. Validating as a Level 1 service provider means meeting the strictest form of that assessment.
What does PCI compliance mean?
The major card brands (Visa, MasterCard, American Express, Discover and JCB) came together in 2006 to form the PCI Security Standards Council and maintain a common set of security requirements. The goal was to protect consumers' sensitive card data and help reduce payment card fraud. The result is the PCI DSS, the Payment Card Industry Data Security Standard. It applies to any organisation that stores, processes or transmits cardholder data, whether or not that organisation actually settles the payment.
This means that ReceiptHero must adhere to the same data security standard that acquirers and their service providers follow to protect cardholder data. Cardholder data is the primary account number (PAN), alone or together with the cardholder name, expiry date and service code; in other words, the combination of data that can be used to make a credit or debit card payment. Sensitive authentication data, such as the card verification code or PIN, is subject to even stricter rules and may not be stored after authorisation.
Level 1 Service Provider requirements
Level 1 is the highest service provider level. It covers service providers that store, process or transmit more than 300,000 card transactions annually, and unlike the lower levels it requires an on-site assessment by an independent assessor rather than a self-assessment questionnaire.
PCI requirements validated
- Report on Compliance (ROC) prepared annually by a Qualified Security Assessor (QSA)
- External network vulnerability scans performed quarterly by an Approved Scanning Vendor (ASV)
- Internal network vulnerability scans performed quarterly
- Penetration test performed annually
- Attestation of Compliance (AOC) form signed off each year
How is ReceiptHero PCI compliant?
ReceiptHero transfers encrypted cardholder data from the point of sale to the payment service provider. For PCI compliance the focus is not only on the software itself but on the toolset and procedures we use to develop and operate the ReceiptHero services, such as access control, logging, change management and vulnerability management. Together these form the basis of ReceiptHero's PCI compliance.
Our PCI compliance journey started earlier in the year and our development team have done a fantastic job to finally become compliant. It wasn't easy; there was a lot of paperwork and hoops to jump through, but we know the importance of being fully compliant. This will be a big step for us in terms of implementing our service towards large banks and third parties. We take data privacy and security seriously.
Saku Pihlajaniemi – Chief Technology Officer
What does this mean for existing ReceiptHero partners?
For existing ReceiptHero partners, obtaining our PCI certification changes nothing in day-to-day use. It means that our software, our tooling and our operating methodology have been independently assessed against PCI DSS. No changes need to be made to existing integrations with the platform, and partners can continue to use a solution that meets the payment industry's data security standard.
Obtaining this certification is another example of ReceiptHero's ongoing commitment to safeguarding data and providing the best possible platform on the market.
Do you have any additional questions about PCI?
If you have any questions relating to ReceiptHero's PCI compliance, or need our Attestation of Compliance (AOC) as evidence for your own assessment, please feel free to email Saku@ReceiptHero.io. He can answer your questions about PCI compliance.