Last week, we announced that SiteSpect was certified by a third-party auditing firm for the Payment Card Industry Data Security Standard (PCI DSS). This is our 11th year in a row getting third-party certification, and we’re very excited to share that we still abide by the highest security standards. But, what is PCI DSS? What do we mean? In this blog I’m going to explain what PCI compliance is, how we got certified, and what it means for you and your customers.
What Is PCI DSS?
The PCI Security Standards Council (PCI SSC) is a group of payment industry organizations that creates global security standards for credit card payments. As most of us have experienced in some way or another, credit card breeches are damaging to everybody involved. The PCI SSC provides regulations regarding what data can and cannot be stored, and how to ensure safe and secure credit card payments.
What Does It Mean to be PCI Certified?
There are a couple of options for PCI certification. The PCI SSC releases a guide for self-assessment. This allows organizations to walk through and determine for themselves whether they abide by PCI standards. Alternatively, third-party companies can objectively audit your organization for compliance. We are proud to say that we have been third-party audited, and achieved the certificate for PCI compliance 11 years in a row.
What Does PCI Compliance Mean for Optimization?
Any site that offers payment needs to make sure that they are PCI compliant. While this is of course the responsibility of the site taking payment, it also impacts every tool that touches that ecosystem. If you introduce tools to manage your user experience, data analysis, or other components of your site, those tools also need to be PCI compliant. Security is always at the forefront of what we do at SiteSpect, so you can be sure we’re always supporting you with the highest security standards.