PCI Compliant Platform Versus PCI Certified Platform: Several payment applications proclaim themselves to be PCI Compliant. All that takes is for the vendor to complete a self-assessment questionnaire and decide for itself whether it believes it meets the PCI Standards. PCI Certified applications like Hitachi Solutions Ecommerce are audited by a Qualified Security Assessor (QSA) who is certified by the PCI Security Standards Council. After that, a final validation is done by the PCI Security Standards Council.
Because data security is one of the top priorities of any business, Hitachi Solutions Ecommerce went through all the steps required to become certified on the PA-DSS 2.0 Standard by the PCI Security Standards Council – the Council’s highest level of security. To attain this certification, Hitachi first performed a self-attestation of the Hitachi Solutions Ecommerce software, and then an independent audit was conducted by a Payment Application QSA. After reviewing the self-attestation and QSA audit, the PCI Security Standards Council awarded Hitachi Solutions Ecommerce the PA-DSS 2.0 Standard designation on July 30, 2013 for Hitachi Solutions Ecommerce Version 7.0.
The Hitachi Solutions Ecommerce product development team evaluates every new feature for PCI compliance during the design, technical specification, development and testing phases of the SDLC. The figure below shows how PCI compliance is woven into the Agile Development methodology that our product team follows.
In addition to following the guidelines provided by the PCI Security Standards Council, Hitachi goes above and beyond by offering additional features to eliminate credit card fraud. For example, Hitachi Solutions Ecommerce provides a parameterized Auto Fraud screen that allows merchants to enter criteria to track fraud. In the screenshot below, an order that meets any of these conditions is marked as potentially fraudulent and held for additional research.
Condition 1: If an order is from a new customer AND over 50 dollars; OR
Condition 2: If an order is over 1,000 dollars in value.
Merchants can set up additional custom parameters like these to eliminate fraud that may not be caught through the traditional AVS verification tools that a payment gateway provides.
Finally, Hitachi Solutions provides a detailed PCI deployment guide that lets you deploy Hitachi Solutions Ecommerce with a deployment architecture designed for greater security, making your deployment hacker-proof to the fullest extent possible.