If you’re a business thinking of accepting credit cards, you need to know about the Payment Card Industry (PCI) data security standards. Because the information tied to credit cards is so sensitive, it’s important to have strict security measures in place, like the PCI Data Security Standard (PCI DSS). What is that, exactly, and how does it impact you? We’re glad you asked.
Most of us use credit cards for making payments because of the benefits they offer, like convenience, rewards programs, and the ability to hold onto your money a little bit longer. As it’s the preferred payment method for most people, many businesses see the advantage of allowing customers to pay with their credit cards. In order to do so, however, businesses need to be PCI compliant.
What is PCI compliance? The PCI DSS is the globally recognized data security standard for all entities that process, store, or transmit a cardholder’s data and/or sensitive authentication data. In other words, it’s the mandatory industry requirement for card data storage and protection. Businesses cannot take credit cards if they don’t meet one of the four levels of PCI compliance, with Level 1 being the highest and most stringent level.
At Peloton, one of our core values is building and maintaining trust with our customers. Here’s the proof: we’re PCI Level 1 Compliant! It’s something we’re incredibly proud of because it confirms that we’re providing an industry-leading level of safety and security when storing, transmitting and processing data.
Here’s the thing - we’re not just Level 1 when it comes to card data - we’ve actually adopted those security measures across our entire organization for all of our data. Here’s how we did it:
Build a Secure Network and System
We use enterprise-level tools and equipment to protect our systems, and we are diligent in keeping them up to date.
Protect All Data
You’ll hear us say “tokenization”, which is a common term in the industry. It basically means we'll handle the sensitive data for you (all of it, not just credit cards) and keep it secure, leaving you free to focus on your business. It’s also a good way to protect any information we send across open, public networks.
It takes more than a little honesty to keep finding and admitting to your flaws and weaknesses, but we’re doing it. Regularly searching for, identifying and fixing vulnerabilities keeps us secure and ready for any threat.
Implement Strong Access Control
We rigorously vet anyone needing access to our data, including our own employees. Everything is on a need-to-access basis, and there are multiple levels of restrictions to ensure that the right people get the right data, and nothing else.
Regularly Monitor and Test Networks
Testing, testing, 1, 2, 3. Constant testing, checking, tracing and monitoring is key to staying vigilant, as we never rest on our laurels when it comes to security.
Maintain Stringent Security Policies
We have an internal security team absolutely obsessed with implementing and enforcing best practices when it comes to data protection. In fact, we can feel their watchful gaze on this post right now!
On top of that, we:
- Meet annually with a bonafide security advisor,
- Voluntarily have our network scanned and audited by outside professionals four times a year,
- And fill out a ton of paperwork and reports. These checklists and forms are in place to make us constantly re-evaluate our systems.
So, what does this all mean for you? It means that we offer businesses like yours the ability to process credit card transactions as well as EFTs, something many payment processing platforms can’t do. By achieving and maintaining the highest level of PCI compliance, we’re providing you with the answer for the next time one of your customers asks, “how are you protecting my data?”
As you can see, our commitment to you is that your data is safe and secure with us, and always will be. With Peloton, we’re stronger together.
If you’d like to join the pack, get in touch with us!
Want to learn more about PCI compliance and the technical aspects of how we’ve achieved our Level 1 status? Check out the PCI Security Standards Council’s PCI DSS Quick Reference Guide.
There are 12 key requirements for being PCI compliant that reflect security best practices (see page 9 for details). Remaining in compliance with PCI standards is an ongoing process of assessing, repairing and reporting in order to maintain a secure business environment.