The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The scope of the PCI DSS includes all systems, networks, and applications that process, store, or transmit cardholder data, and also systems that are used to secure and log access to the systems in scope.
We maintain compliance with the current version of the PCI DSS to ensure safe and secure handling of customers’ payment card information, and rigorous data security standards to ensure that our customer’s credit card information remains safe and secure.
PCI DSS is the global security standard for all entities that store, process, or transmit cardholder data and/or sensitive authentication data. PCI DSS sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. It applies to any organization that accepts or processes payment cards.
PCI DSS compliance involves handling the ingress of credit card data from customers, namely, that sensitive card details are collected and transmitted securely. It also involves storing data securely, which is outlined in the 12 security domains of the PCI standard, such as encryption, ongoing monitoring, and security testing of access to card data
The processing of our payments in our Web and Android applications rely on two services which are both PCI-DSS: Stripe which processes Credit Card payments and Paypal which processes Paypal payments.
Purchases within our iOS application are made available via Apple’s in-app purchase mechanism.
We do not store any Credit Card information, only anonymized tokens, as provided by these services.
SAQ A is for e-commerce/mail/telephone-order (card-not-present) merchants that have fully outsourced all cardholder data functions. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises.
Alohi’s approach to PCI compliance is to perform a SAQ-A self assessment – copies of our certification are available upon request.