MigSolv, (Migration Solutions), has been awarded PCI DSS accreditation through external audit of its systems for security and compliance. PCI DSS is the Payment Card Industry Data Security Standard and is a standard that all organisations, including online retailers, must follow when storing, processing and transmitting their customer's credit card data. Customers of any colocation provider who transact credit cards should ensure that the provider has PCI DSS accreditation as, otherwise, they could fall foul of the standard.
There are two ways in which accreditation can be obtained; this first is to self assess, i.e. state that you have looked at your own systems and are comfortable that you are compliant, the second is to be assessed by a third party auditor who will issue an ‘Attestation of Compliance’ if they deem you to be compliant. Whilst many colocation providers choose the simpler, self assessment route, MigSolv considered the matter of security of such importance that they elected for third party audit. MigSolv MD, Alex Rabbetts, said, “At MigSolv we take security very seriously indeed. Whilst it would be much easier to simply say ‘we comply’ and hope for the best, we think the security of our customers, and that of their customers, to be of sufficient importance that we wanted to provide the comfort that we have been audited by others and it isn’t just us saying ‘we’re compliant’, it is a professional auditor that is saying,’MigSolv is compliant’. We believe this is a much stronger statement for our customers to rely on.
Tim Holman, CEO of Qualified Security Assessors 2-sec said, “Migration Solutions have demonstrated they take information security seriously and have exceeded the security requirements laid down by PCI DSS during their recent Level 1 Service Provider audit."
Following receipt of the Attestation of Compliance, MigSolv further submitted an application for registration on the Visa Merchant Agent website. This is an important step as Visa Europe state clearly on their website that: ‘With effect from 31 December 2012, Visa Europe acquiring members must ensure that their merchants use only merchant agents that are registered by Visa Europe and listed on www.visamerchantagentslist.com’. They further state, ‘If a merchant or retailer has engaged you to provide services that involve processing, storing or transmitting cardholder data, (directly or indirectly), then you are a merchant agent.’ This clearly puts colocation in the frame. MigSolv has subsequently been listed on the Visa Merchant Agent list and is one of only two companies that is listed as colocation and having been externally audited for Level 1 PCI DSS compliance.
David Manning, Operations Director at MigSolv said, “Our PCI DSS compliance, combined with our listing as a Visa Merchant Agent, makes a very strong statement to our customers. Customers that are subject to the PCI DSS standard really only have two choices, one of the two externally audited Level 1 colocation companies listed with Visa Europe, or a risk – I know which route I would prefer!”