The problems with PCI compliance
For some organisations, server infrastructure is often too dated, or too costly, to handle sensitive data acquisition and distribution requirements for payment data or personally identifiable information. Organisations also suffer if they don’t have the tools to allow staff to comply with security policy regarding sensitive information.
This puts your organisation at risk of failing a PCI DSS audit – or worse, a data breach involving sensitive customer information. What’s more, it can be too costly to implement an MPLS network to all your data collection points (e.g. stores/roving sales representatives) regionally or globally.
The Maytech solution
Maytech provides PCI compliant data acquisition, PCI data storage and PCI data sharing services. Our secure transfer protocols support safe, PCI DSS-compliant data transfer workflows.
Using secure protocols and a platform that passes PCI penetration tests, we ensure PCI-compliant workflows and limit organisations’ PCI DSS scope. All this with the cost and reach benefits of the cloud – delivering an enterprise-class information workflow.
Data is encrypted in transit using SFTP or HTTPS and at rest using AES-256 encryption. We subscribe to penetration testing and PCI compliance scanning services from McAfee Secure. Quatrix® customers can purchase a licence for a dedicated McAfee PCI compliance scan and are therefore able to post the McAfee Secure logo on the site.
Maytech is an ISO 27001 certified service provider with accredited data centres. Our ISO 27001 certification and our PCI SAQ (level D) together with Attestation of Compliance are available on request.
What are the benefits of Maytech’s PCI compliant hosting?
Using Maytech can reduce the scope of your PCI audit. You know that security controls meet PCI certification standards and your site will pass a PCI penetration test. As a PCI compliant hosting provider, we also run daily McAfee scanning for over 40,000 vulnerabilities and PCI-specific vulnerabilities, ensuring potential risks are identified in a timely manner.
As with all Maytech products, our PCI and SAS 70 (now SSAE 16) compliant hosting also includes an administration hierarchy which enables delegation of roles and granular access controls alongside comprehensive tracking and reporting to ensure full visibility and accountability.
The following diagram shows how our systems keep your data PCI compliant.