To increase and enhance payment card data security, Visa, Mastercard, American Express, and JCB International came together in September 2006 to form the Payment Card Industry Security Standards Council (PCI SSC). Together, the card companies share ownership in the council, which helps to execute, manage, and govern the Payment Card Industry (PCI) and ensure compliance.
One Inc is a Service Provider under the PCI Data Security Standard (PCI DSS), which means we are involved in the transmission, processing, and storage of cardholder data, but we are not a payment card brand or bank. There are different PCI compliance levels, depending on the volume of card transactions a business handles per year. The levels are as follows:
One Inc is a Level 1 PCI Service Provider. To maintain Level 1 PCI compliance, One Inc is required to validate compliance with PCI DSS by going through an annual PCI assessment conducted by a Qualified Security Assessor. The Security Assessor completes a Report-on-Compliance (ROC) after the assessment.
Any business that transmits, processes, or stores cardholder data is required to validate compliance with PCI DSS. Payment card brands manage their own PCI DSS compliance programs. For more specific information on PCI DSS compliance validation requirements, please contact the payment brands directly.
Established by the AICPA, SOC reports provide assurance on the suitability and design of controls established by One Inc that may impact security, confidentiality, or availability of One Inc applications or services. Regular reviews are conducted by third-party auditors to verify One Inc compliance.
Governs the ACH Network, protecting consumers’ sensitive financial data, including bank account and routing numbers.
One Inc complies with the TCPA, which restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 should a company violate the TCPA.