<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=286651792909821&amp;ev=PageView&amp;noscript=1">

What is it?

To increase and enhance payment card data security, Visa, Mastercard, American Express, and JCB International came together in September 2006 to form the Payment Card Industry Security Standard Council (PCI SSC). Together, the card companies share ownership in the council, which helps to execute, manage, and govern the Payment Card Industry (PCI), and ensure compliance.

PCI Applicability to One Inc

One Inc is a Service Provider under the PCI Data Security Standard (PCI DSS) which means we are involved in the transmission, processing and storage of cardholder data but we are not a payment card or bank. Depending on the volume of card transactions a business handles per year, there are different PCI compliance levels. The levels are as follows:

  • Level 1: Service provider that stores, processes, and/or transmits over 300,000 transactions per year
  • Level 2: Service provider that stores, processes, and/or transmits less than 300,000 transactions per year 

One Inc is a Level 1 PCI service provider. To maintain Level 1 PCI compliance, One Inc is required to validate our compliance with PCI DSS by going through an annual PCI assessment conducted by a Qualified Security Assessor. The Security Assessor completes a Report on Compliance (ROC) after the assessment.

PCI Applicability to Insurers

Although any business that transmits, processes or stores cardholder data is required to validate compliance with PCI DSS, payment card brands generally manage their own PCI DSS compliance programs. For more specific information on PCI DSS compliance validation requirements, please contact the payment brands directly.


Systems and Organization Controls (SOC)

For companies that touch, store, process, or impact a customer’s financial or sensitive personal data, like One Inc, regular reviews are conducted by third-party auditors who use the SOC report to verify that the company complies with security, confidentiality, privacy, and other factors.


The National Automated Clearing House Association (Nacha)

Governs the ACH Network, protecting consumers’ sensitive financial and non-financial data, including bank account and routing numbers, social security numbers, etc.


Telephone Consumer Protection Act (TCPA)

One Inc complies with the TCPA that restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 should a company violate the TCPA.

Key Statistics


74% of 2019 payment fraud cases were from checks

2021 AFP Payments Fraud and Control Survey


25% of global organizations keep cardholder payment data secure

2020 Oct Globe Newswire Article

Discover our Platform


PremiumPay® 2.0

Align your payment experience with core systems and securely process credit card and ACH payments.

Explore PremiumPay 2.0

icon_total-loss-residual copy


Deliver fast, secure digital claims payments through payees’ preferred channels and methods.

Explore ClaimsPay

Want to learn more?

Partner with Us