At RevenueWire, we are committed to protecting sensitive consumer financial information, including cardholder data, and to keeping this information safe from fraudsters and other criminals who would steal and exploit it for illicit gain. In support of this commitment, RevenueWire complies with the Payment Card Industry Data Security Standard (PCI-DSS) as a Level 1 Service Provider, the highest standard of PCI compliance. Whenever cardholder payment data is processed, transmitted, or managed through the RevenueWire platform, RevenueWire takes responsibility for the proper security of the data entrusted to us in accordance with PCI-DSS requirements.
PCI-DSS is an information security standard adopted by the payment card brands. Every entity that processes, stores, or transmits cardholder data, including merchants and service providers of all sizes, must adhere to the applicable requirements set out by this standard. Certification requirements vary by business and are based on “Merchant Level” or “Service Provider Level”, which are determined by business size and scope of exposure to cardholder data.
As a PCI-DSS Level 1 Service Provider offering services relating to your cardholder transactions, RevenueWire is required to ensure the full end-to-end security of cardholder data. This includes monitoring our merchant clients to validate compliance with the PCI-DSS standards. We recognize that compliance with PCI mandates may seem difficult or overwhelming to many small and mid-size businesses, and we want to make this as easy as possible for you. To this end, we have partnered with SecurityMetrics, a certified PCI Qualified Security Assessor (QSA). Through this partnership, RevenueWire offers clients that have an active merchant account access to SecurityMetrics tools and resources at no additional cost. SecurityMetrics will help you identify and complete the correct Self-Assessment Questionnaire (SAQ), the first step toward confirming your compliance with PCI mandates, and complete simple tasks to validate compliance.
While PCI-DSS requirements will vary based on the size of your business and the level of integration you may have with RevenueWire, SecurityMetrics FastPass will help you identify the correct SAQ and, when possible, pre-fill SAQ questions. Based on your responses to the SAQ, additional actions may be necessary, and SecurityMetrics can assist you with those actions as well.
Checkout Pages hosted by RevenueWire
Merchants that only use RevenueWire hosted cart order pages may benefit from having reduced PCI-DSS scope and much of the burden of PCI compliance handled by RevenueWire. Merchants using payment pages hosted by RevenueWire may qualify for a simplified version of the PCI-DSS SAQ. However, since merchants have access to customer information for their transactions, they still must carefully manage the administration of such data in line with relevant privacy legislation and Card Association rules.
Merchants that use RevenueWire Order APIs and host their own order pages are required to be fully PCI-DSS compliant and are responsible for securely managing all shoppers’ payment data.
Transport Layer Security
PCI-DSS 3.2 states that all PCI-compliant organizations need to support TLS 1.1 or higher. To comply with this requirement, Transport Layer Security (TLS) versions 1.1 and 1.2 are mandatory for communication with RevenueWire as of June 25, 2018.
You will need to verify that your environment supports TLS 1.1 and TLS 1.2, and if necessary, make appropriate updates.
If you are interested in learning more about PCI standards or SecurityMetrics, we have provided some links to additional resources below.