PCI-DSS Compliance


Entity Data is a PCI-DSS Level 2 Service Provider

The Payment Card Industry Data Security Standard (PCI-DSS) is an information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

PCI-DSS applies to all businesses that store, process or transmit cardholder data and/or sensitive authentication data including merchants, processors, acquirers, issuers, and service providers. The PCI-DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

Entity Data can work with clients to assess, implement and manage a secure hosted environment to help meet the requirements of PCI-DSS Compliance. Please check our Frequently Asked Questions section below and/or contact a sales specialist to discuss.

PCI-DSS Requirements

Your hosted environment must enforce the following 12 requirements from the PCI-DSS standard.

| PCI Control | Entity Data’s Solution |
| --- | --- |
| Install and maintain a firewall configuration to protect cardholder data | Entity Data’s Firewalling solution powered by Check Point® provides high-performance enterprise-grade protection for your hosted environment. Firewall solutions are fully managed and monitored around the clock by our security engineers. |
| Do not use vendor-supplied defaults for system passwords and other security parameters | Entity Data’s Intrusion prevention and vulnerability assessment services are powered by Check Point® and Alert Logic®, working together to provide advanced pro-active protection against internal and external threats. |
| Protect stored cardholder data | Not applicable – You must implement this requirement. |
| Encrypt transmission of cardholder data across open, public networks | Entity Data offers a wide range of SSL Certificates from GeoTrust, Comodo and Symantec to address this requirement. Extended Validation (EV), Organisation Validated (OV) and Domain Validated (DV) SSL Certificates are available. |
| Use and regularly update anti-virus software or programs | Entity Data’s fully managed anti-virus solution powered by AVG® provides powerful protection for your servers against Viruses, Trojans, Spyware, Ransomware and other Malware. |
| Develop and maintain secure systems and applications | Entity Data’s Web Application Firewall (WAF) powered by Citrix® NetScaler™ AppFirewall™ provides an advanced layer of protection for your hosted websites and web applications. WAFs are designed to inspect all traffic and mitigate attacks without slowing down web application performance. |
| Restrict access to cardholder data on a need-to-know basis | Entity Data will work with you to create a user registration document prior to the creation of user accounts and token allocation. This document must be maintained throughout the lifecycle of the hosted environment. |
| Assign a unique ID to each person with computer access | Entity Data’s Multi-factor authentication solution is powered by RSA SecurID® Suite, providing strong access management, identity governance, and user lifecycle solutions to strengthen security and ensure compliance. |
| Restrict physical access to cardholder data | Entity Data’s data centres meet Tier-2 world class standards and address all the requirements of physical security with regard to PCI-DSS compliance. |
| Track and monitor all access to network resources and cardholder data | Entity Data’s Multi-factor authentication solution is powered by RSA SecurID® Suite, providing strong access management, identity governance, and user lifecycle solutions to strengthen security and ensure compliance. |
| Regularly test security systems and processes | Entity Data’s Intrusion prevention and vulnerability assessment services are powered by Check Point® and Alert Logic®, working together to provide advanced pro-active protection against internal and external threats. |
| Maintain a policy that addresses information security for all personnel | Not applicable – You must implement this requirement. |

Frequently Asked Questions

Does PCI Compliance apply if our business doesn’t store credit card details?

If you accept credit cards or debit cards as a form of payment, then PCI compliance applies to your business. The fact that you are not storing the card details will make things easier, but there are still compliance requirements.

Where can I find the PCI Data Security Standard?

You can find this on the PCI Security Standards Council website.

Do we really need PCI compliance?

In general, any merchant who intends to process, store or transmit credit card information is required to be PCI compliant according to the PCI Security Standards Council. Please contact our team to discuss this in further detail.

How do we achieve PCI-DSS compliance?

Signing up for an Entity Data hosting service will not automatically make your business PCI-DSS compliant. There is a lot involved, but our security team can work with you on meeting the requirements. We have a lot of PCI-DSS compliant businesses hosted with us!

More Questions? Call us on 1300 551 084 or Contact Us
