What’s PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The PCI DSS applies to all organisations storing, transmitting or processing credit card data, regardless of size or number of transactions.
PCI DSS compliance requires systematic deployment of a control set addressing infrastructure architecture and configuration, vulnerability management, development, physical security, procedural controls on access, and asset and incident management, supported by comprehensive documentation. PCI DSS requirements are complex and can be difficult to implement, and even more difficult to maintain.
Despite the challenges, maintaining PCI DSS is important for many reasons. Non-compliance can lead to increased risk of sensitive data breach, with consequential reputational and financial loss.
The PCI DSS imposes a duty on all compliant companies to ensure their supply chain is PCI compliant.
Paragon Customer Communications understands these challenges. We offer a PCI DSS compliant solution to meet your obligations through our range of products and services.
Paragon Customer Communications has subject matter experts who can work with you to understand your requirements, create the right solutions to meet your PCI DSS needs and provide a technologically secure and sophisticated environment to ease the burden of PCI DSS compliance for your organisation.
What we offer
Paragon Customer Communications is a PCI DSS attested service provider, providing print, mail and archive services including PIN mailer production. Our PCI DSS compliant product range includes the following three key products that together provide a secure platform for processing and managing PCI DSS compliant customer communications.
Paragon Transactional Print
We offer a purpose-built, highly secure Cardholder Data Environment (CDE) that enables the processing and production of PCI DSS compliant communications for the retail finance and banking sectors. Paragon Customer Communications meets both the compliance and business demands of credit card companies and banks by providing attested security compliance and second-to-none production values, service levels and management information. We currently process and distribute over 4 million pieces of communication a day on behalf of our customers through the PCI compliant networks.
Paragon Customer Communications uses tokenisation technology to reduce the scope of PCI compliance. Tokenisation involves the replacement of the full PAN (primary account number) with a 16-digit string that is not a credit card number. Paragon Archives contain only tokenised data. In the unlikely event of a breach, no credit card data is lost. Web interfaces may be configured to return document images containing fully masked, partially masked or complete PANs, according to client requirements.
Currently under development and expected to be released in Q1 2018, the PCI DSS HybridMail service allows client back office users to create end user communications containing the full PAN on their PCs. The service will securely send these documents with PAN data from your offices into our CDE using an encrypted link. Once in the CDE, the documents join the standard document workflow, through to secure production supported by comprehensive MI.
· Securely handle the credit card data present within your customer communications such as credit card statements, PIN mailings, and archived materials
· Reduce the risk of potential cyber-attacks whilst ensuring the highest standards of data integrity
· Ensure the processes you manage for your customers are executed to the highest standards of security and integrity
· Fulfil all your requirements and compliance – but with added quality, customer experience, commercial opportunities and production efficiencies
· PCI DSS Certified Service
· Secure Network Architecture
· Infrastructure Hardening Standards
· Secure Software Development Lifecycle
· Security Monitoring, including SIEM, IPS, and FIM
· Internal and External Vulnerability Scanning and Penetration Testing