To increase and enhance payment card data security, Visa, Mastercard, American Express, and JCB International came together in September 2006 to form the Payment Card Industry Security Standards Council (PCI SSC). Together, the card companies share ownership in the council, which helps to execute, manage, and govern the Payment Card Industry (PCI) standards and ensure compliance.
One Inc is a Service Provider under the PCI Data Security Standard (PCI DSS), which means we are involved in the transmission, processing and storage of cardholder data but we are not a payment card or bank. Depending on the volume of card transactions a business handles per year, there are different PCI compliance levels. The levels are as follows:
One Inc is a Level 1 PCI service provider. To maintain Level 1 PCI compliance, One Inc is required to validate our compliance with PCI DSS by going through an annual PCI assessment conducted by a Qualified Security Assessor. The Security Assessor completes a Report on Compliance (ROC) after the assessment.
Although any business that transmits, processes or stores cardholder data is required to validate compliance with PCI DSS, payment card brands generally manage their own PCI DSS compliance programs. For more specific information on PCI DSS compliance validation requirements, please contact the payment brands directly.
For companies that touch, store, process, or impact a customer’s financial or sensitive personal data, like One Inc, regular reviews are conducted by third-party auditors who use the SOC report to verify that the company complies with security, confidentiality, privacy, and other factors.
Governs the ACH Network, protecting consumers’ sensitive financial and non-financial data, including bank account and routing numbers, social security numbers, etc.
One Inc complies with the TCPA, which restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 should a company violate the TCPA.