Today is an important milestone for Upshot Commerce. It has taken a lot of work, time, effort and expense, but it is all worth it. We can now proudly say that Upshot Commerce is not only PCI compliant, we are also FIPS compliant with PII encryption! To many of you, that may not mean anything, so let's explain:
What is PCI-DSS Level 1 Compliance?
The Payment Card Industry Data Standard is a worldwide information standard created by the Payment Card Industry Security Council. This standard was created to establish a series of increased controls surrounding data, with the intent of preventing credit card fraud online. This standard applies to organizations that hold, process and exchange credit card data.
In order to achieve official PCI compliance from the Payment Card Industry Security Council, organizations need to pass a series of costly requirements and tests over a period of time. The entire process often takes 12 months or more to complete. At the end of the process, approved organizations receive an Attestation of Compliance, which confirms and renews the certification as required. Level 1 is the highest level of compliance that an organization can currently achieve.
What is FIPS and PII Encryption?
Federal Information Processing Standards are publicly recognized technical standardizations developed by the US federal government for use by non-military government agencies and government contractors. The purpose of FIPS is to ensure that these agencies follow the same guidelines regarding security and communication according to government standards.
These standards include requirements for encryption and data encoding. Personally Identifiable Information (PII) encryption is a process for securing personal customer information according to required US privacy law and information security standards.
Upshot Commerce is one of the first ecommerce platforms to officially meet FIPS and PII encryption, making the platform an industry first in government security requirements.
Why is it Important?
Breaches in data security can lead to direct financial losses through credit card fraud and fines. Even more so, however, these breaches can lead to a loss in consumer confidence, based on the belief that personal information is not being protected by the businesses they have come to patronize and trust. Complying with PCI DSS standards lowers financial risks associated with account payment data compromises, and helps to boost consumer confidence and trust.
What Does this Mean for Existing Clients?
As an existing Upshot Commerce customer, there are no changes that you need to make to your platform or security settings. It simply means that our data security and software meet the highest standards possible, giving you even greater peace of mind.
How Can I Prove to My Bank that Upshot Commerce is PCI Compliant?
Your bank will ask for a copy of our Attestation of Compliance. Simply request a copy of our AOC, and we’ll be happy to send it to you. Then just submit it to your bank.
If you’d like to learn more about the security features that we offer, please visit our Security, Fraud and Chargeback Prevention page.
For more information about PCI and FIPS Compliance, check out these resources below: