This August, Pentafon obtained recertification at the highest level of PCI-DSS. Level 1 of PCI-DSS applies to businesses that handle more than 6 million transactions per year, ensuring the security of client information, sensitive customer data, financial transactions, and protection against attacks or viruses on the systems of the clients we connect with.
The Payment Card Industry Data Security Standard (PCI-DSS) was developed by a committee formed by the major credit and debit card companies, including Visa, Mastercard, American Express, Discover, and JCB. Companies that process, store, or transmit card data must comply with the standard or risk losing their authorization to process credit and debit cards (franchise loss), facing rigorous audits, or paying fines.
Many providers present the questionnaires for PCI levels 4 and 5 as a form of certification, although these are actually self-assessments, not formal certifications.
To obtain Level 1 PCI-DSS certification, Pentafon must meet a series of requirements, including:
Implementing a centralized monitoring console to supervise internal and external hacking attempts.
Conducting at least four external vulnerability scans by PCI-authorized vendors to ensure logical security controls.
Maintaining automatic antivirus updates not only on central systems but also on every device connected to the network.
Applying a two-factor authentication system for data storage systems at Pentafon and for each of its clients.
Implementing data encryption processes for sensitive information.
Performing annual penetration tests conducted by a PCI-authorized provider.
These measures not only protect Pentafon’s internal network but also secure communications and access to client systems.
This translates into secure contact centers and proper data handling, benefiting Pentafon’s clients.