PCI Compliance – FAQ
What is PCI compliance?
- The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
- The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council. A copy of the PCI DSS is available here.
What is PCI AoC attestation?
- A PCI Attestation of Compliance (AoC) is a declaration of an organization’s compliance with PCI DSS. It serves as documented evidence that the organization’s security practices effectively protect against threats to cardholder data.
- This document must be completed by a Qualified Security Assessor (QSA) or the business’s merchant. A QSA is a third-party entity that is certified by the PCI Security Standards Council (PCI SSC) — the body that established PCI DSS — to perform PCI DSS audits and determine whether organizations are PCI compliant.
Why are businesses required to be PCI compliant?
- Businesses are required to be PCI compliant to protect cardholder data, adhere to industry standards, reduce fraud and liability, build customer trust, and meet legal and regulatory obligations. It is essential for businesses that handle payment card data to prioritize security and establish strong measures to safeguard sensitive information.
How does Kinetic ensure the data I send across their network is secure?
- Although Kinetic implements security measures, the ultimate responsibility for securing data lies with you as the business. It is advisable to take additional precautions, such as using strong and unique passwords for users on the network, regularly updating your devices and software, and being cautious when sharing sensitive information online. Additionally, utilizing end-to-end encryption tools, such as encrypted messaging apps, secure email services, and encrypted point of sale systems, can further enhance the security and privacy of your business and clients’ data.
Will the infrastructure changes impact my network?
- No. The work we are doing to offer improved products as part of our SD-WAN and SASE portfolio will be seamless. We are planning well in advance and working across our support teams and vendor partners to make this change transparent to our business clients.
Who do I engage for support on PCI compliance needs from Kinetic?
- To handle any additional questions or concerns regarding this communication, we have equipped the support advocates and care teams with information to help address them. Refer to the original communication for the best point of contact.
What Kinetic services and equipment can be offered as components of an overall compliant security strategy?
- SD-WAN (Software-Defined Wide Area Network) solutions can provide VPN (Virtual Private Network) capabilities. In fact, VPN functionality is one of the primary features of our SD-WAN solution. Our technology allows you to connect your remote locations, data centers, and cloud environments over a wide area network using software-based technologies rather than traditional hardware-based networking appliances. By doing so, the SD-WAN solution can provide increased flexibility, security, and reliability for network traffic.
- The SD-WAN solution provides enhanced security by encrypting traffic between sites using VPN technology. With an SD-WAN VPN, traffic is securely encapsulated and sent over the internet or other public networks, providing a secure and encrypted tunnel between the SD-WAN devices at each location. This can help protect sensitive data and communications from interception and unauthorized access. Additionally, SD-WAN VPNs can provide granular control over traffic routing and application prioritization, enabling your organization to optimize network performance while maintaining security and privacy.
- Network segmentation is also provided by our SD-WAN solution, which separates different types of traffic or customer segments. By dividing the network into isolated segments, you can enhance security by limiting the potential impact of a security breach. This segmentation can help prevent unauthorized access to sensitive data and reduce the lateral movement of threats within the network.