WisePay is PCI Level 1 compliant: what does this mean?
During the pandemic, more and more of us made use of online payments. As we were in lockdown and couldn’t go out, there were few alternatives. Even if we were a little circumspect about paying online, doing so became increasingly important for feeding our families and going about life normally.
It is comforting to know that in these unusual times there is an industry framework that exists to protect schools’ and parents’ data from those who would otherwise abuse it. These standards are known by the catchy title of PCI DSS, which stands for Payment Card Industry, Data Security Standards. These set out how processors of card information, such as WisePay, must handle parent data in a secure manner in order to minimise the chances of their card data falling into the wrong hands.
For most of us, when making an online purchase there is very little evidence of this standard in operation, as almost everything goes on within the processing environment of the payment platform.
What the PCI DSS Certification Covers
- The network that holds your data is both physically secure and not open to the world to connect to.
- The database that holds your data is secure and not open to compromise or copying.
- The building that holds the servers, data and people that process your data is secure and has policies to detect intrusion.
- The processes within the business are documented and secure; your data is handled correctly – it isn’t written down on a post-it note!
- Data transmitted is encrypted and cannot be read by anyone without permission or the keys to decrypt it.
4 Checks for Complete Payments Compliance
1. Ask for proof of PCI certification in the company’s/platform’s name
All successful PCI applications are provided with a certificate issued by a Qualified Security Assessor (QSA) that confirms the organisation details and their level of PCI accreditation. Ask to see the PCI certificate issued to your shortlisted providers; it can take a lot of time and money to successfully complete the PCI certification process. Your supplier should be happy to provide their certificate.
2. Check whose name is on the certificate!
For smaller payment providers, a self-certification process is available. Although the company completes its own security questionnaire before it’s checked by the QSA, you should always see the name of your chosen payment processor on the PCI certificate. Passing off your bank’s certificate does not show PCI compliance.
3. Check who issued the PCI certificate
All PCI level 1 and 2 certifications can only be issued by a QSA. This ensures impartiality and accuracy of information. The identity of the QSA should be clearly visible on the certificate, as well as their contact details. Check that the QSA is listed on the PCI Security Standards website.
4. Check the level of PCI certification
For companies that facilitate payments, there are just two levels of PCI compliance.
- Level 1 applies to those processing more than 300,000 transactions per annum. This is WisePay’s level of compliance.
- Level 2 applies to those that process fewer than 300,000 transactions per annum.
Should I be worried about a self-certified PCI Certificate?
You could argue that there is greater security with third-party testing and confirming the organisation’s compliance. However, self-certification should just mean that the volume being processed is below the 300,000 transactions per annum level.
If in doubt, ask your provider questions and do not take anything at face value. Remember that you are also liable for card data losses, and any fines for lost data will also be your fines. If you have concerns about your current provider, please contact our payments specialists. They will be able to advise and provide you with any security-related information about WisePay.