The Payment Card Industry Data Security Standards (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC). Additional information can be found at https://www.pcisecuritystandards.org.

Digital River complies to the highest standard as a Level 1 Service Provider and Merchant. We undergo exhaustive annual audits and monthly scans by qualified assessors. To ensure compliance requirements and protect your customers, Digital River:

  • Builds and maintains a secure network and systems
  • Tokenizes and protects cardholder data
  • Maintains a vulnerability management program
  • Implements strong access control measures
  • Regularly monitors and tests networks
  • Maintains an information security policy

Our recommendation to ensure PCI compliance easily and effectively is to leverage our JavaScript library, DigitalRiver.js, to secure your customers’ data in a compliant manner while maintaining control over the shopping experience. Most of our clients can then easily complete a PCI Self-Assessment Questionnaire (SAQ) maintained by the PCI Security Standards Council.