PCI DSS security

The PCI DSS standard has been defined by credit card issuers and concerns, first and foremost, all e-commerce players on whose website bank data is transmitted. Complying with PCI DSS limits fraud by securing more security. This avoids penalties in case of problems and lowers the commission rates on credit card payments while promoting participation in certain calls for tenders. This certification is valid for 1 year.

PCI DSS: it's 1/3 of organization, 1/3 of documentation, 1/3 of configuration.

The latest set of security standards, PCI DSS version 3.2.1, includes 12 primary requirements and more than 300 secondary requirements that reflect best security practices.

Beware of conventional wisdom: if your host is certified PCI DSS, you are not certified PCI DSS provided. And in the best case, 10% of the requirements can only be covered by the e-merchant.

• Certification is done on a case-by-case basis, site by site.
  
• The host responds to some of these requirements, however in the best case 10% of these requirements can only be covered by the Customer. Beware of marketing offers !!!
  
• The service provider is PCI DSS certified. In this case, he chooses the requirements he wants to meet within his service offerings. It is therefore the responsibility of the subscriber of the offer to cover the other requirements to be PCI DSS compliant.
  

• Obtaining and maintaining PCI DSS certification can seem heavy and burdensome for e-merchants. That's why relying on a managed hosting provider, already certified, greatly eases this process.
  
• With PCI DSS certification, Ecritel is increasingly committed to its e-merchant customers and demonstrates its desire to offer the best possible services.