Adobe Business Catalyst PCI DSS Compliance and Security Standards
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard containing a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, as well as to protect cardholders against misuse of their personal information.
Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data and so reduce the credit card fraud that results from its exposure.
The PCI DSS specifies and elaborates on six major objectives:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy.
Is Business Catalyst PCI Compliant?
Yes, Business Catalyst is certified Level 1 PCI DSS compliant. This compliance extends to all online shops powered by Business Catalyst.
We take security very seriously and have invested significant effort in making sure Business Catalyst is PCI compliant. We have implemented a wide variety of security mechanisms, such as AAA (Authentication, Authorization, and Access Control), attack detection and annihilation mechanisms, encryption of sensitive data, firewalls, anti-virus, etc. All mechanisms, environments, policies, procedures, etc. specific to cardholder data have been audited for security compliance by an accredited third-party investigator. Moreover, the Business Catalyst code and environments are regularly tested for security holes, both manually and using various third-party penetration-testing software. A multitude of security standards are considered and followed.
How can I Obtain Proof that Business Catalyst is PCI Compliant?
We provide the PCI compliance documentation upon request. File a ticket with our support team from your Partner Portal or your Admin Console by clicking the Help & Support option (in the top right corner of the screen) and request these documents:
- The Attestation of Compliance, signed both by Adobe Business Catalyst and the PCI QSA (Qualified Security Assessor)
- The most recent quarterly scan by a PCI SSC (Security Standards Council) Approved Scanning Vendor.
Note: The quarterly scan report will be provided after we have received a copy of the bank’s or merchant’s request.
Security White Papers
For a quick look at the various security measures and mechanisms we have implemented to provide the highest level of security, see the security overview document or download the Business Catalyst security whitepaper.
More details on Adobe security standards can be found on the Adobe Security Resources page.