ShieldSquare has PCI DSS (Payment Card Industry Data Security Standard) Level-1 certification. PCI DSS is the leading global security standard for organizations that accept credit card payments or otherwise process credit card and cardholder data.
What is PCI DSS compliance?
PCI DSS compliance is mandated by the world’s leading credit card issuing networks for organizations that accept credit card payments and/or process credit card or cardholder data. PCI DSS is administered by the Payment Card Industry Security Standards Council, and aims to reduce credit card fraud by increasing security controls around cardholder data.
The PCI Data Security Standard specifies twelve requirements for compliance, organized into six logically related control objectives:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Frequently Asked Questions
Is ShieldSquare PCI DSS certified?
Yes. ShieldSquare is certified as a service provider compliant with PCI DSS version 3.2 Level-1.
Does ShieldSquare collect credit card or cardholder data?
No, ShieldSquare does not store any cardholder data on its systems.
Why did ShieldSquare become PCI DSS compliant?
ShieldSquare obtained PCI DSS certification for vendor security reasons. Our customers and partners may have cardholder data (CHD) in the traffic that is sent to ShieldSquare, depending on the nature of the services they use from us.
How secure are your APIs?
Transmission of cardholder data from customers’ websites to ShieldSquare SDKs takes place over a secure API integrated into our SDKs. Our APIs have passed the Vulnerability Assessment and Penetration Testing (VA/PT) program that certifies their security. ShieldSquare does not have visibility into end user personal data. We only collect data from our partners’ APIs and respond only to those specific API calls.
How was the PCI DSS certification assessment performed?
A PCI Security Standards Council-certified Qualified Security Assessor (QSA) performed an onsite inspection to audit all our data security and control systems.
What environments are considered under this assessment?
ShieldSquare infrastructure is hosted on a third-party cloud platform which is itself PCI DSS compliant. ShieldSquare’s entire infrastructure has been covered under the assessment, which includes IT resources such as servers/instances, security groups/firewalls, as well as antivirus and file integrity monitoring systems.
All the boundaries of the cardholder data environment were covered under the assessment:
- The boundaries between trusted and untrusted networks were reviewed.
- All other connection points as applicable to the assessment were also covered.
- Documentary evidence with respect to policies, procedures, VA/PT reports, etc. was reviewed.
- The respective Attestation(s) of Compliance (AOC) of our cloud service provider(s) were also reviewed.