Whether yours is a local or global business, you’ll know that data compliance is essential, especially if you are handling credit card information. But for some, server infrastructure is often too dated or too costly to manage the requirements for acquiring and distributing sensitive data such as payment data or personally identifiable information. Organisations also suffer if they don't have the tools to allow staff to comply with security policy regarding sensitive information.
This puts your organisation at risk of failing a PCI DSS audit or, worse, of a data breach involving sensitive customer information. What’s more, it can be too costly to implement an MPLS network to all your data collection points (e.g. stores/roving sales representatives) regionally or globally.
The Maytech Solution
Maytech is a provider of PCI compliant data acquisition, data storage and data sharing services. The scope of the compliance is limited to Maytech's Enterprise services provisioned at data centres, which are ISO 27001 accredited / SSAE 16 certified respectively.
Our secure transfer protocols support safe, PCI DSS-compliant data transfer workflows. The use of secure protocols for data transfer and of a platform that passes PCI penetration tests ensures a compliant workflow and eliminates key areas of the company’s network from the scope of PCI DSS, with the cost and reach benefits of the cloud, delivering an enterprise-class information workflow.
Data is encrypted in transit using SFTP or HTTPS and at rest using AES-256 encryption. We subscribe to penetration testing and PCI Compliance scanning services from McAfee Secure and Qualys. FTP-Stream and Quatrix® customers can purchase a license for a dedicated McAfee PCI compliance scan and are therefore able to post the McAfee secure logo on the site.
Maytech is an ISO 27001 certified service provider. Our ISO 27001 certification and our PCI SAQ (level D) together with Attestation of Compliance are available on request.
What are the benefits?
Using Maytech can reduce the scope of your PCI audit. You know that security controls meet PCI certification standards and your site will pass a PCI penetration test. As a PCI compliant hosting provider, we also run daily McAfee scanning for over 40,000 vulnerabilities and PCI-specific vulnerabilities, ensuring potential risks are identified in a timely manner.
As with all Maytech products, our PCI and SAS 70 (now SSAE 16) compliant hosting also includes an administration hierarchy which enables delegation of roles and granular access controls alongside comprehensive tracking and reporting to ensure full visibility and accountability.
The following diagram shows you how our systems ensure your data is PCI Compliant.