What Is PCI DSS Compliance?
Click & Pledge is a PCI Level 1 provider. PCI DSS compliance standards require strict adherence to a large number of security requirements to maintain our certification. All servers, workstations, network connections, products and offices are audited annually by a 3rd party PCI DSS qualified security assessor (QSA).
Additionally, both the official QSA and an additional 3rd party perform in-depth scans and vulnerability tests quarterly.
Some of the requirements for security include:
- All servers must maintain up-to-date system patches and antivirus software.
- All firewall and security appliance patches are up to date.
- Only employees with specific needs are able to access any system within the Click & Pledge network.
- Encryption protocols are the most secure available. Weaker encryption methods are retired on a strict schedule.
- Two-factor authentication and high-level encryption are required for employee access from outside of our network.
- Physical access to Click & Pledge’s offices and data centers is controlled and monitored 24/7.
Other security procedures, above and beyond PCI requirements, include:
- Firewall and security appliance logs are monitored continuously. Any attempted intrusions are blocked immediately.
- Our Internet service is monitored continuously to maintain maximum network performance.
- There are no wireless devices within the Click & Pledge network.
Click & Pledge’s primary data center is a Tier 3 facility. All servers and equipment are fully redundant. Our facilities include the following redundant and high-availability features:
- All servers have redundant power supplies.
- All servers receive power through two different sources (separate power connections, separate high-capacity UPSs, separate primary power feeds).
- All servers have redundant network connections.
- Click & Pledge’s firewalls, load-balancers and network switches are fully redundant.
- The data center has 3 gigabit-speed Internet connections from different providers.
- A 135 kVA diesel generator provides power to the center in the event of a primary power disruption.
- Click & Pledge employs a worldwide “cache server” network that optimizes delivery and ensures access, with servers located in over 1500 locations worldwide.