A guide to PCI compliance with eola
According to the latest numbers from the Privacy Rights Clearinghouse, there have been more than 8,500 data breaches since 2005, compromising over 11 billion consumer records worldwide.
Recognising the need to improve consumer data safety and foster trust in digital payments amongst consumers, a minimum data security standard was introduced in 2006. Mastercard, American Express, Visa, JCB, and Discover joined together to form the Payment Card Industry Security Standards Council (PCI SSC).
Prior to this, each of these companies’ security standards were separate, though similar. The PCI SSC brought them into alignment via one standard policy, the PCI Data Security Standards (PCI DSS). This 1,800-page document outlines more than 300 security controls that need to be met by companies that handle card data.
How do I become PCI compliant?
Broadly speaking, compliance with the PCI DSS involves three things:
- Ensuring sensitive card details are handled and transmitted securely
- Ensuring data is stored securely
- Ensuring that the required security controls remain in place via an annual validation
What do I need to do to achieve this with eola?
Very little, thankfully.
At eola, we use Stripe as our payment processing platform. Stripe is Level 1 PCI-certified – the highest level attainable. When one of your customers pays with eola, we don’t actually touch their card details in any way; all the handling, storing and validating is carried out by Stripe. As a result, your customers’ payment information is only handled by one of the most closely monitored payment platforms in the world.
We cannot ensure, though, that you as a business are PCI-compliant, only that payments taken via eola are. As a business, you should not in any way handle or store a customer’s payment card information unless you yourself have been audited and accredited with a valid compliance certificate.
We recommend reading Stripe’s guide to PCI compliance if you’re looking for more information on compliance. If you have any eola-specific questions, you can reach out to your account manager and they’ll be able to help you further.
Dan Steele is the co-founder and CTO of eola