PCI DSS

The main component of a reliable payment service is the security of cash transactions. ONERO applies the most modern methods of protecting personal data to keep your payments secure. We hold the highest-level PCI DSS certificate. Every year our service passes audits by independent international auditing companies to confirm its certification.

PCI DSS Certificate

PCI DSS is a recognized data security standard for the payment card industry. It sets out a number of specific rules, and compliance with them provides a high degree of information security. Every organization whose activity involves processing, storing or transmitting cardholder data is required to comply with these rules.

The standard was established by five international payment systems: Visa, MasterCard, JCB, Discover and American Express. PCI DSS certification is the main component of a payment service, and it minimizes the risks of cybercrime.

PCI DSS Certification

Absolutely all systems and payment services that work with Visa and MasterCard bank cards are required to be certified annually under this standard. Depending on the amount of data the organization processes and on its role in the payment process, a certificate can be obtained in one of the following ways: external audit, internal audit, or self-assessment sheet.

Companies that process more than 6 million transactions in one year undergo an external audit. It is conducted by an auditing company, which collects evidence of compliance with all requirements of the standard throughout the audit. An automated ASV scan for network vulnerabilities is also mandatory.

The internal audit is conducted by a company specialist who has completed special training under a program developed by the PCI SSC. If the amount of data processed is minimal, the organization must fill in the self-assessment sheet (SAQ) and perform an ASV scan.

All requirements prescribed by the PCI DSS standard should be fully implemented, regardless of which method of confirmation the organization uses.

ONERO provides a wide range of consulting services to ensure full compliance with the data security standard and carries out the implementation of PCI DSS in an organization, followed by its certification.