Is Your Website Payment Compliant?

If it’s an AVB Alta site, the answer is ‘Absolutely!’

By Don Grevenow, AVB Marketing

AVB Marketing provides a wide variety of services for our members, and for those running the Alta e-commerce platform with us, we have an exciting announcement: We’ve recently completed our annual Payment Card Industry Data Security Standard (PCI DSS) Service Provider Level 2 certification!

Say what???

For those members who are not as familiar with the PCI process, we hope this answers any questions you may have.

What is a Service Provider?

The PCI DSS defines a Service Provider as “a business entity that isn’t a payment brand, but is directly involved in the processing, storage, or transmission of cardholder data on behalf of another business.”  While Alta doesn’t store or process any of our members’ cardholder data directly, it is the underlying platform that transmits the data.

What is PCI compliance?

The Payment Card Industry (PCI), which includes Visa, MasterCard, American Express and other leading card brands, requires service providers, banks and high-volume merchants to follow strict security guidelines, including:

  • Building and maintaining a secure network.
  • Protecting cardholder data.
  • Maintaining a vulnerability management program.
  • Implementing strong access control measures.
  • Regularly monitoring and testing networks.
  • Maintaining an information security policy.

Service providers certify as either Level 1 or Level 2 based on the number of credit card transactions that are handled through their systems annually.

Does AVB Marketing process credit card information?

We don’t. Instead, we trust our terrific payment integration partners to do the processing for our members. However, we still wanted to provide additional reassurance that we’re doing the most we possibly can to ensure safe, secure payments. And because so many members take advantage of our payment integrations, we work hard to maintain this level of certification.

Why is Level II significant?

AVB Marketing has been Level II-certified for a while now. It means that we’ve passed several standards required for certification. This includes:

  • Annual third-party penetration testing to make sure our systems are secure.
  • Quarterly ASV (Approved Scanning Vendor) scans so that we can test for new vulnerabilities as they are seen in the wild.
  • Internal vulnerability scanning to protect against new vulnerabilities as they are disclosed.
  • An annual assessment and report on compliance by a third-party QSA (Qualified Security Assessor) who is trained and certified by the PCI Council to audit and verify that service providers are adhering to the standards.

Our current PCI Certificate of Compliance validity start date was Dec. 8, 2021, and our Attestation of Compliance is available on request by emailing marketing@avb.net if required by your internal PCI certification process.

Don Grevenow is Director, Infrastructure & Operations, for AVB Marketing, the advertising, e-commerce and digital marketing arm of BrandSource parent AVB Inc.