PCI Compliance
Amgraf meets the standard requirements of the Payment Card Industry Data Security Standard (PCI DSS) for safe online shopping. These requirements are meant to guarantee that secure environments are being maintained by any company that is processing, storing or transmitting credit card information. Amgraf is tested and certified as credit card safe on a quarterly basis by Security Metrics.
The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard defined by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations that hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.
Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organization is handling, but regardless of the size of the organization, compliance must be assessed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of demonstrating compliance via a Self-Assessment Questionnaire (SAQ).
Enforcement of compliance is done by the bodies holding relationships with the in-scope organizations. Thus, for organizations processing Visa or MasterCard transactions, compliance is enforced by the organization's acquirer, while organizations handling American Express transactions will deal directly with American Express for the purposes of compliance. In the case of third-party suppliers such as hosting companies that have business relationships with in-scope organizations, enforcement of compliance falls to the in-scope company, as neither the acquirers nor the card brands will have appropriate contractual relationships in place to mandate compliance. Non-compliant companies that maintain a relationship with one or more of the card brands, either directly or through an acquirer, risk losing their ability to process credit card payments and being audited and/or fined.
Secure Sockets Layer (SSL) Server Data Encryption
Amgraf ensures safe Internet shopping by employing Secure Sockets Layer (SSL), a technology originally developed by Netscape. SSL works by encrypting your order information so that it is not easily read by unauthorized persons.
What is an SSL Certificate?
At its most basic, an SSL Certificate is a digitally signed credential that lets a website encrypt all information moving to and from the Certificate holder’s website. This means no exchange between the website and its visitors can be intentionally or accidentally “overheard” by a third party, regardless of whether the visitor is placing an order or just signing up for a newsletter.
Once a website visitor enters a secure area of an SSL-protected website, the following takes place:
- The visitor’s browser requests a secure session from the server on which the website is stored.
- The server responds by sending the visitor’s browser a digital copy of its server certificate.
- The visitor’s browser verifies that the server’s certificate is valid, is being used by the website for which it was issued, and has been issued by a Certificate Authority that the browser trusts.
- If the certificate is validated, the browser generates a one-time “session” key and encrypts it with the server’s public key.
- The visitor’s browser sends the encrypted session key to the server so that both server and browser have a copy.
- The server decrypts the session key using its private key.
- The SSL handshake process is complete, and a secure connection has been established.
- A padlock icon and https:// prefix appear in the visitor’s browser bar, indicating that a secure session is under way.
Called the SSL handshake, this entire process takes place behind the scenes, providing an uninterrupted experience for the site visitor.
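The following is an added walk-through of the handshake steps listed above; it is illustrative code written for this page, not Amgraf's implementation. It assumes a constructed "Example CA" trust store, a constructed server certificate for the hostname shop.example, and a toy RSA on tiny primes with no padding, so the key exchange shows the flow only and is not usable as real encryption.

```python
import hashlib

# Toy RSA on constructed small primes (no padding): only to illustrate the flow.
def toy_keypair(p, q, e=17):
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                      # public key, private key

def rsa(m, key):                               # m ** k mod n
    n, k = key
    return pow(m, k, n)

CA_PUB, CA_PRIV = toy_keypair(61, 53)          # constructed "Example CA"
TRUSTED_CAS = {"Example CA": CA_PUB}           # the browser's trust store

def cert_digest(cert):
    fields = {k: v for k, v in cert.items() if k != "signature"}
    h = hashlib.sha256(repr(sorted(fields.items())).encode()).hexdigest()
    return int(h, 16) % CA_PUB[0]

def make_cert(subject, public_key, issuer="Example CA"):
    """Constructed server certificate; ISO date strings compare chronologically."""
    cert = {"subject": subject, "issuer": issuer, "public_key": public_key,
            "not_before": "2024-01-01", "not_after": "2025-01-01"}
    cert["signature"] = rsa(cert_digest(cert), CA_PRIV)   # signed by Example CA
    return cert

def browser_verify(cert, hostname, today):
    """Step 3: validity period, hostname, trusted issuer, issuer's signature."""
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "certificate expired or not yet valid"
    if cert["subject"] != hostname:
        return "certificate issued for a different site"
    ca_pub = TRUSTED_CAS.get(cert["issuer"])
    if ca_pub is None:
        return "issuer is not a trusted Certificate Authority"
    if rsa(cert["signature"], ca_pub) != cert_digest(cert):
        return "certificate signature does not verify"
    return None                                # all checks passed

def handshake(cert, server_priv, hostname, today, session_key):
    """Steps 1-6: returns (established, detail). Aborts before any key is sent."""
    problem = browser_verify(cert, hostname, today)
    if problem:
        return False, problem
    encrypted = rsa(session_key, cert["public_key"])      # step 4: browser
    server_copy = rsa(encrypted, server_priv)             # step 5: server
    return server_copy == session_key, "secure session established"

if __name__ == "__main__":
    pub, priv = toy_keypair(47, 59)
    print(handshake(make_cert("shop.example", pub), priv, "shop.example", "2024-06-01", 1234))
```

Any failed check in step 3 ends the handshake before the session key is generated, which is why an expired, mis-issued or untrusted certificate produces a browser warning rather than a padlock.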