Overview of PCI Data Security Standard (PCI DSS)
PCI DSS is the global security standard for all entities that store, process, or transmit cardholder data and/or sensitive authentication data. PCI DSS sets a baseline level of protection for consumers and helps reduce fraud and data breaches across the entire payment ecosystem. It applies to any organization that accepts or processes payment cards.
PCI DSS compliance involves handling the ingress of credit card data from customers, namely ensuring that sensitive card details are collected and transmitted securely. It also involves storing data securely, which is outlined in the 12 security domains of the PCI standard, such as encryption, ongoing monitoring, and security testing of access to card data.
How We Process the Payments
Payment processing in our Web and Android applications relies on two services, both of which are PCI DSS compliant: Stripe, which processes credit card payments, and PayPal, which processes PayPal payments.
Purchases within our iOS application are made available via Apple’s in-app purchase mechanism.
We do not store any Credit Card information, only anonymized tokens, as provided by these services.
SAQ-A Self Assessment
SAQ A is for e-commerce/mail/telephone-order (card-not-present) merchants that have fully outsourced all cardholder data functions. It requires that there is no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises.
Alohi’s approach to PCI compliance is to perform a SAQ-A self assessment – copies of our certification are available upon request.