It is worth to state that following the guidance from DRS Tools, the company is fully PCI DSS compliant. The PCI DSS or the Payment Card Industry Data Security Standard is a set of security standards that was designed to make sure that ANY and ALL companies that accepts, stores, processes, submits or transmits credit card information does this securely and with no harm.
To clarify, DRS Tools never has access to what actually is a cardholder’s credit card information. However, it is the only company that takes up the Credit card processing and storage procedure. Digital River is approved as the PCI Level 1 Service Provider – the highest degree of compliance at the moment existing within the context of digital payments.
Digitized River’s compliance with the DRS Tools is achieved through an annual affirmation. Attestation of Compliance or AoC as it is commonly referred to be available on requisition.
In the light of the above DRS Tools developer of DRS Data Recovery Tools (DRS Tools) acknowledges the need to protect card holder data. The following statement provides the company’s PCI DSS compliance plan and how we will ensure that we meet the provisions of the recommendations.
Scope: All DRS Tools are not intended for handling, storing or transmitting any card holder data. Nevertheless, we realize that some of the DRS Tools users might process cardholder data on the very same system. This statement will serve to make such customers understand the part played by our company in accepting, processing, or facilitating PCI DSS compliance.
PCI DSS Requirements: As much as we recognize that the PCI DSS is compliance requirement irrespective of the organizations type, size or location if it stores, transmits, or processes card holder data. Although DRS Tools themselves are out of the PCI DSS scope, the Team does our best to adhere to the industry standards of data protection to exclude any potential threat to the customers’ cardholder data.
Security Controls: Security controls are put in place at DRS Tools to safeguard the systems and data belonging to its users. These controls include:
Secure Development Practices: This we do in order to reduce the number of opens in DRS Tools while at the same time ensuring maximum security.
Access Controls: So, we limit the data access to authorized personnel only, as well as systems’ access.
Data Encryption:We protect our data in both storage states, namely, when they are at rest and when they are in motion (as far as possible).
Regular Security Reviews: It is important to recall that documents’ security is an important aspects of a company’s activity so we complete security check on regular basis to detect potential problems.
Vendor Management: Security measures are common with many vendors; therefore, we assess and mitigate their security measures meticulously.
What Customers Need to Do: DRS tools are used by customers on their systems that process card holder data and it is then the responsibility of the customers to ensure that they follow the rules set by the PCI DSS. These customers should do what we say: What these customers should do is as follows:
Discover how much of cardholder data they can handle or are allowed to handle.
If indeed you wish to have an inkling as to what risks exist in your vicinity, then you should conduct a risk assessment.
Begin a process of achieving the PCI DSS compliance.
Based on the Indian government guidelines, they recently probably examined and might have altered their security controls. It is now important that these controls are periodically reviewed and if need be adjusted.
Not affiliated: This message is just for discussion; it doesn’t persuade that any of the clients is obeying the PCI DSS. It is the client’s responsibility to ensure that they adhere to the set rules of PCI DSS and not the provider. This means that customers have to ensure they do the following, as is dictated by PCI DSS.
If the reader has any questions regarding DRS Tools and/or PCI DSS, he/she is welcome to contact us through email at [contact us via email].
By choosing to perform work with the help of DRS Tools, you acknowledge that you have read and are acquainted with the following PCI DSS Compliance Statement.