On 7th July 2013 DeckBooks achieved PCI compliance under the PCI DSS standard. Since the initial beta launch of DeckBooks in November 2011 we have always been committed to excellence in security standards and data protection, providing peace of mind to our users.
Over the past few months we have been doing a lot of work behind the scenes to make DeckBooks completely PCI compliant (hence the lack of feature updates). We contracted a Qualified Security Assessor (TrustWave) to guide us through the process, and we have now achieved compliance (the nice shiny green badge you will see on the website and when you log into DeckBooks).
What is PCI compliance?
The Payment Card Industry Data Security Standard (PCI DSS) was developed by the credit card industry to combat fraud. The standard imposes very strict requirements on merchants that store, process or transmit cardholder data. DeckBooks uses SagePay to handle our online payment processing, and merchant providers such as Streamline now require compliance with the PCI DSS. We have always built DeckBooks with security in mind, but we have also introduced new measures to ensure that we are compliant with the PCI DSS. These include:
- Enforcing strong passwords and storing them with 512-bit encryption
- The entire system is protected using SSL encryption
- Two-factor authentication and account protection for any important activity (account changes, logins, etc.)
- Ensuring that extremely strict firewall and security policies are followed
- Strictly controlled access to servers and customer data
- Ring-fenced and ID-controlled access to the data center
- All of our developers are trained in industry security standards
- DeckBooks undergoes regular security scans from an approved PCI scanner every month
What does this mean for users of DeckBooks?
From a user perspective you will not notice anything other than the PCI compliance badge at the bottom of DeckBooks when you log in; however, you can have peace of mind that we are keeping your data safe and secure by following the strict requirements of the PCI DSS.