Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security specifications designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS is an internationally recognised accreditation, and is continually reviewed and updated by the Payment Card Industry Security Standards Council (PCI SSC).
Neto's platform and security have been assessed and evaluated, achieving PCI DSS Level 1 compliance. This applies not only to Neto's internal security, but also to the security of the Neto control panel software. When you use Neto for your website, the website meets PCI requirements as well.
Advantages to PCI Compliance
PCI compliance certifies Neto (and by extension, anyone using Neto software) to handle customers' personal and financial data in a secure manner. Operating a PCI-compliant webstore means you can be confident in the security features protecting your information and your customers' information.
To remain compliant, Neto conducts internal and external vulnerability scanning every 3 months (or sooner as required) and penetration testing every 12 months. This ensures that changes to the software or infrastructure haven't compromised security in any way.
Compliance Obligations
Compliance has many requirements that both Neto and you, as an eCommerce merchant, must adhere to. For many of the requirements, compliance is achieved by restricting what information the control panel stores (such as cardholder data), enforcing password policies, and providing tools to manage users.
It is still important to read and review the obligations that apply to you (referred to as the "merchant") and any shared responsibilities, as these form a part of Neto's terms and conditions. You can view the breakdown of compliance responsibility here.
Proof of Compliance
If you'd like a copy of Neto's PCI DSS Attestation of Compliance (AOC), please contact our support team via email.