This May, Pentafon obtained re-certification at the highest level of PCI-DSS, valid through May 2022. Level 1 PCI-DSS applies to businesses that handle over 6 million Visa or Mastercard transactions annually, ensuring the security of client information, sensitive customer data, financial transactions, and protection against attacks or viruses on the systems of the clients we connect with.
The Payment Card Industry Data Security Standard (PCI-DSS) was developed by a committee formed by the major debit and credit card companies, including Visa, Mastercard, American Express, Discover, and JC. Companies that process, store, or transmit card data must comply with the standard or risk losing their authorization to process credit and debit cards (franchise loss), facing rigorous audits or fines.
Some providers present the questionnaire for PCI levels 4 and 5 as a certification, although it is merely a self-assessment.
To obtain Level 1 PCI-DSS certification, Pentafon must meet several requirements, including:
A centralized monitoring console that detects internal and external hacking attempts
At least four external vulnerability scans per year by PCI-authorized vendors to ensure logical security controls
Automated antivirus updates not only on central systems but also on every device connected to the network
Dual authentication systems for Pentafon’s and its clients’ data storage systems
Sensitive data encryption processes
Annual penetration testing by a PCI-authorized provider
These measures not only protect Pentafon’s internal network but also ensure secure communications and system access for its clients, who benefit from secure centers and proper data handling.