• Significantly reduce the costs, risks and lead times associated with PCI DSS security compliance
  • Leverage market leading eCommerce solutions to improve cash flow, customer service and staff productivity
  • Delivering extremely flexible eCommerce solutions which are Level 1 PCI DSS Compliant
  • Bridging the gap between traditional banking products & unique client requirements to deliver significant benefits to business
  • Streamlining sales and accounts receivables processes
  • Proven technology, enjoyed by many ASX top 50 & Fortune 500 corporations

News

FAQ about PCI DSS

What is 'PCI DSS'?
PCI DSS is an abbreviation for Payment Card Industry Data Security Standard. Organisations  processing, storing and/or transmitting credit card details must be PCI-DSS compliant. Compliance is achieved by undertaking two tasks, depending on your transaction volumes. These tasks could include an annual on-site audit, a quarterly vulnerability scan or a self-assessment questionnaire.

What is required to be PCI DSS compliant?
PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.

Therefore, if your company stores or transfers the PAN (Primary Account Number) which is usually the 16 digit credit card number itself in any way, even if it is only to transmit it directly to a 'real time' payment gateway, or perhaps to store it in some way, then your business must be PCI DSS compliant certified in its own right. The applicable PCI DSS criteria is as follows:

Level 1 - Visa and MasterCard World Wide transactions totalling 6 million and up, per year, and any merchants who have experienced a data breach.
Level 2 - Visa and MasterCard transactions totalling 1 million to 6 million per year.
Level 3 - Visa and MasterCard e-commerce transactions totalling 20,000 to 1 million per year.
Level 4 - Visa and MasterCard e-commerce transactions totalling 1 to 20,000 per year.

What is included in Cardholder Data?
At a minimum, cardholder data contains the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following:

  • Cardholder name
  • Expiration date
  • Service Code

What are the benefits of being PCI DSS compliant?
By being PCI DSS compliant, you will protect your two most important assets, your clients and your cash flow. You will benefit by:

  • Managing risk around identity theft and credit card fraud
  • Boosting customer’s confidence in your security
  • Increasing protection of customer’s data
  • Avoiding penalties/fines imposed by banks or card companies
  • Staying competitive in the market place

These requirements can seem daunting and overly technical at first. IP Solutions provides a full ecommerce consultancy service and we have years of experience in this area so contact us to simplify PCI DSS.

What are the deadlines for complying with PCI DSS?
Compliance is mandated by the payment card brands and  for most merchants, the deadlines for validating compliance with the PCI DSS have already passed. You should check with your acquirer and/or merchant bank to check if any specific deadlines apply to you, based on merchant transaction volume (level) as determined by the card payment brands. All entities that transmit, process or store payment card data must be compliant with PCI DSS.

What is tokenization?
Tokenisation, in its simplest form, is another way of saying ‘data substitution’. It is the act of using a substitute value, or ‘token’, which has no inherent value, in the place of data that does have value. That way, if the system using tokens is compromised, it is the tokens that are taken, not the actual valuable data. Tokenization works by taking the original data value and generating a substitute value, usually with a random number generator. The mapping between the original data and the token is maintained in a secure database.

Obviously, with tokenization, it is imperative to protect the database that contains the mappings between the original data and the tokens. In addition, the fewer times that the tokens are required to be converted back into the original data, the more valuable tokenization is as well.

What is SIPP?
Statement & Invoice, Presentment & Payment (SIPP) is a fully integrated online Invoicing solution.  IP Solutions uses the most flexible and versatile SIPP platform in the payments industry. It ensures merchants receive a fully tailored and integrated solution for an implementation fee that will see a very rapid return on investment. SIPP won the prestigious Asia Pacific ICT award (APICTA) for the most innovative ‘Financial Industry Application’ of 2010.

What is does DTS mean?
Dynamic Transaction Switch ( DTS) is a  Microsoft .Net based transaction management engine that resides on a secured and fault-tolerant telecommunication and server infrastructure. The DTS acts as the electronic transaction processing engine and supports a variety of products and services.

Who is IP Solutions?
IP Solutions is a specialist ecommerce provider of customised corporate payment, billing and receivables solutions. Working with our technology partner IP Payments, clients are able to leverage the business skills and management expertise of our organization whilst accessing the award winning technology of our partner.

How do I contact IP Solutions?
We are located at Level 5, 233 Castlereagh Street, Sydney, NSW 2000. You can call us on  (02) 8231 6644 or email This e-mail address is being protected from spambots. You need JavaScript enabled to view it

If you have a question we will be more than happy to answer it for you. Just Contact Us