Volusion Trust

Compliance

Meeting the Payment Card Industry's Data Security Standards (PCI DSS).

For almost fifteen years, Volusion has maintained compliance with the Payment Card Industry’s Data Security Standard (PCI DSS). This standard started through extensive cooperation by the card brands (Visa, MasterCard, etc.) to ensure that businesses who process card data do so securely. Version 1.0 of the standard was released in 2004 and Volusion led the way to quickly integrate its requirements into business practices. In early 2006, Volusion completed its first audit and has remained compliant ever since. Categorized as a Level 1 Service Provider, Voluison is held to the strictest level of compliance to the PCI DSS.

PCI DSS

The PCI DSS is broken into six high level goals to be accomplished by meeting twelve requirements (see below). Each requirement is further broken down into numerous sub-requirements (over 200 in all).

GOALSPCI DSS REQUIREMENTS
Build and Maintain a Secure Network
  1. 1. Install and mantain a firewall configuration to protect cardholder Data
  2. 2. Do not use vendor-supplied defaults system passwords and other security parameters
Protect Cardholder Data
  1. 3. Protect store cardholder data
  2. 4. Encrypt transmission of cardholder data across open, public networks
Mantain a Vulnerability Management Program
  1. 5. Use and regularly update anti-virus software or programs
  2. 6. Develop and mantain secure systems and applications
Implement Strong Access Control Measures
  1. 7. Restrict access to cardholder data by bussiness need-to-know
  2. 8. Assign a unique ID to each person with computer access
  3. 9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  1. 10. Track and monitor all access to network resources and cardholder data
  2. 11. Regularly test security systems and processes
Mantain an Information Security Policy
  1. 12. Maintain a policy that addresses information security for employees and contractors

For merchants requesting additional log data, please email [email protected].

For those merchants requiring a copy of Volusion’s Attestation of Compliance (AOC), please click here.