What is it?
To increase and enhance payment card data security, Visa, Mastercard, American Express, and JCB International came together in September 2006 to form the Payment Card Industry Security Standard Council (PCI SSC). Together, the card companies share ownership in the council, which helps to execute, manage, and govern the Payment Card Industry (PCI), and ensure compliance.
PCI Applicability to One Inc
One Inc is a Service Provider under the PCI Data Security Standard (PCI DSS) which means we are involved in the transmission, processing and storage of cardholder data but we are not a payment card or bank. Depending on the volume of card transactions a business handles per year, there are different PCI compliance levels. The levels are as follows:
- Level 1: Service provider that stores, processes, and/or transmits over 300,000 transactions per year
- Level 2: Service provider that stores, processes, and/or transmits less than 300,000 transactions per year
One Inc is a Level 1 PCI service provider. To maintain Level 1 PCI compliance, One Inc is required to validate our compliance with PCI DSS by going through an annual PCI assessment conducted by a Qualified Security Assessor. The Security Assessor completes a Report on Compliance (ROC) after the assessment.
PCI Applicability to Insurers
Although any business that transmits, processes or stores cardholder data is required to validate compliance with PCI DSS, payment card brands generally manage their own PCI DSS compliance programs. For more specific information on PCI DSS compliance validation requirements, please contact the payment brands directly.