Lyons Commercial Data PCI-DSS compliance
The PCI-DSS (Payment Card Industry Data Security Standards) is a comprehensive set of requirements designed to enhance card payment security. The standard evolved as the major credit card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, joined together to develop a set of consistent data security standards on a global basis.
Who is covered by PCI requirements
PCI standard applies to all card merchants and service providers that store, process or transmit cardholder data. The level of scrutiny for processors is particularly high. Autoscribe, the parent company of Lyons Commercial Data, has successfully met the necessary data security requirements and has completed a Cardholder Information Security Program (CISP) review based on the Payment Card Industry Data Security Standard (PCI DSS) to become a Payment Card Industry (PCI) compliant service provider. As a subsidiary of Autoscribe, Lyons Information Security Program complies with the PCI DSS, and is audited annually by a Qualified Data Security Assessor certified by Visa to perform such audits.
On-site assessments ensure compliance
There are three levels of PCI-DSS compliance. Level 1 is the highest level of compliance imposing the most stringent data security requirements upon service providers and payment gateway providers. On-going best practices are enforced by quarterly network security scans and annual on-site PCI Data Security assessments performed by a third-party Qualified Security Assessor. Autoscribe and its subsidiaries, PaymentVision and Lyons Commercial Data, are Service Providers Level 1.
Download the current list of PCI-DSS compliant service providers from the VISA site: http://www.visa.com/splisting/
You can rely on Lyons to handle your sensitive financial and SSN data security because our security infrastructure is designed to support:
- Data encryption, both in transit and at rest
- Multiple firewall layers protecting internal segments
- Network monitoring by intrusion detection appliances at the perimeter and internally
- Application scans performed quarterly by an independent third party
- Background checks for all PaymentVision employees
- Facility limited to proximity card security access with visible picture IDs and equipped with video and infrared monitors at all entrances and within the data center
- Encryption of all passwords allowing system access