PCI-DSS

PCI-DSS Audit

DCA’s facilities and operations have been audited by an independent provider of IT and risk management solutions and certified to be compliant with the PCI DSS standard.

The scope of a PCI audit starts with card data but includes all aspects of a business that might relate to or have some impact on the security of card data, and it covers all login access by staff and all potential network access by any party. PCI covers security at an organisational level as well as a systems level.

Payment Card Industry

If you are unaware of the genesis of the Standard, the PCI DSS has come from the Payment Card Industry, founded by five of the leading card providers (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc). The Payment Card Industry or the PCI has produced a Data Security Standard (DSS).

This Standard, which is more prescriptive and more difficult to achieve than ISO 27001, covers aspects of system and physical security designed to protect sensitive data from theft or misuse.  The Standard covers 12 key areas including encryption, virus protection, networking, access, monitoring and policies.

PCI-DSS Compliant

DCA is required to perform tasks at regular intervals to maintain compliance.  The list of tasks is extensive, but in particular includes quarterly scans of the systems and network, an annual penetration test (‘hacking’), and annual audits of continued compliance by our certified third-party PCI DSS auditor.