TSI’s continued investments in technology and information security over the past year have helped us to achieve the highest level service provider certification, the same payment processing standards held by all major banks and credit card companies, the PCI 3.2 Service Provider Level 1 Attestation.
PCI Security Standards Council (PCI SSC) maintains the compliance standards for any business that accepts credit card payments. Recently, they released their latest security standards with their PCI Data Security Standard (PCI DSS) version 3.2 to continue to keep payment data safe against growing data security threats.
“PCI DSS 3.2 advocates that organizations focus on people, process and policy, with technology playing an important role in reducing the overall cardholder data footprint,” said PCI Security Standards Council General Manager Stephen Orfei in their press release.
While the primary benefit of the PCI 3.2 attestation is overall increased protection of data confidentiality and integrity, some of the key changes from the PCI 3.1 attestation are:
- Stronger security controls and greater abilities to detect and alert control failures through more frequent assessments;
- Clear executive visibility and responsible involvement of executive management; and,
- Multifactor authentication for any personnel with administrative access into environments handling card data.
To address these new requirements, TSI implemented a monthly vulnerability scan of the card holder environment to ensure continuous monitoring of risks. In addition, TSI’s executive management is closely involved to make sure the right investments are made and that the controls are being audited for effectiveness.
TSI goes beyond just receiving the certification; we own intellectual property of a scalable and secure payment technology platform, enabling us to provide flexible payment options via multiple channels including web site, telephone, mailed checks, and ACH. This flexibility leads to better consumer experiences, and a more streamlined collections process.
Overall, through our PCI 3.2 Service Provider Level 1 Attestation, TSI’s clients can rest assured that their data, and their customer’s data, are secure at rest and in transit, from the moment they arrive at TSI, throughout its entire processing life cycle, and until its archival.
To learn more about PCI Security Standards Council visit: https://www.pcisecuritystandards.org/.
Want to learn more about TSI? Fill out the form and a TSI representative will contact you shortly.