Freshtix is a fully compliant PCI-DSS (Payment Card Industry Data Security Standard) Level 2 merchant.
PCI-DSS is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
The standards include twelve requirements, each of which has multiple sub-requirements.
The twelve requirements are grouped into the following six categories:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Regular Network Security Scans take place by an automated tool that checks systems for vulnerabilities and is applicable to merchants with externally-facing IP addresses that are connected to their payment card processing environment. It conducts a non-intrusive scan to remotely review networks and Web applications based in the externally-facing Internet Protocol (IP) address provided by the merchant.
Our Attestation of Compliance and Certificate of Compliance are both available upon request.
All staff are trained to understand their roles and responsibilities in regards to protecting and handling sensitive cardholder data. Any member of staff handling cardholder data must complete PCI-DSS compliance training regularly.