PCI DSS Certified
Hamilton’s robust data security standards have allowed us to receive Payment Card Industry Data Security Standards (PCI DSS) certification.
Payment Card Industry Data Security Standards require complete separation of credit card information from other company data. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
Hamilton’s certification is through TrustWave, one of several companies charged with certifying that the security requirements outlined by the payment card industry are being met before issuing the certification. Hamilton’s network undergoes quarterly external security scans, continuous internal scans and an annual self-assessment of how we meet or exceed the security requirements.
Meeting the security requirements for PCI DSS certification means that our entire network is secure no matter what kind of data is being transported or processed.
PCI History
PCI DSS originally began as five different programs: Visa Card Information Security Program, MasterCard Site Data Protection, American Express Data Security Operating Policy, Discover Information and Compliance, and the JCB Data Security Program. Each company’s intentions were roughly similar: to create an additional level of protection for customers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. The Payment Card Industry Security Standards Council was formed, and on the 15th of December 2004, these companies aligned their individual policies and created the Payment Card Industry Data Security Standard.
It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, cracking and various other security vulnerabilities and threats. A company processing, storing, or transmitting payment card data must be PCI DSS compliant or risk losing its ability to process credit card payments and being audited and/or fined. Merchants and payment card service providers must validate their compliance periodically. This validation is conducted by auditors, i.e. PCI DSS Qualified Security Assessors (QSAs). Smaller companies, processing fewer than about 80,000 transactions a year, are allowed to perform a self-assessment questionnaire.