We're a PCI level 1 Service Provider
At Enigmatic Smile, our technology has been engineered with security as our number one priority. We are compliant with PCI DSS, and all data we store or transmit is 256-bit encrypted to bank-level standards. At the core of our systems and values is the commitment to keeping our partners and their customers’ data secure.
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) sets the requirements for businesses to safely and securely handle cardholder data in order to prevent fraud and data breaches. Overall, having PCI compliance improves the security of a business, builds customer confidence and strengthens reputation. PCI DSS is governed by the PCI Security Standards Council, an independent body created by Visa, MasterCard, American Express, JCB International and Discover Financial Services. The council is led by a policy-setting committee made up of representatives from the five founding card companies.
Who must comply?
Any business that stores, processes, or transmits cardholder data must comply with PCI DSS. There are four levels of PCI compliance, and the volume of card transactions that a business processes determines the level they are awarded. In addition to this, each level of compliance has different validation requirements set out by Visa and MasterCard. Enigmatic Smile is proud to have achieved Level 1 PCI Compliance, the highest and most stringent grade of security. This validation applies to both our payment systems and our members of staff who are involved in processing transactions.
How is compliance achieved?
As a Service Provider, Enigmatic Smile is audited each year by an independent external Qualified Security Assessor (QSA), and we must obtain an annual compliance report known as a Report on Compliance. This involves proving that we have policies in place to implement the security standards and providing evidence to show that we adhere to them. As part of this, we must also conduct quarterly network security scans against our systems using an Approved Scan Vendor (ASV) and produce an Attestation of Compliance form (AoC).