Security Is Our First Priority. Cutting-edge technology with world-class security practices - Rebillia meets and exceeds all PCI-DSS Level 1 requirements.
Rebillia Keeps You & Your Customers Secure
Every action is authenticated in real time, through several independent checks, as it is made.
Sensitive data is encrypted and tokenized so that raw card data is never exposed where it is not needed.
Secure Online Channels
As an additional safeguard, data is split and stored in separate secure locations.
What Is PCI-DSS?
The Payment Card Industry Data Security Standard, or PCI-DSS for short, is a security standard maintained by the PCI Security Standards Council, a body formed by the major card brands: American Express, Discover, JCB, MasterCard and Visa. PCI-DSS consists of 12 main requirements against which businesses measure their own payment card security policies, procedures and guidelines. Compliance validation is tiered into four “levels”, assigned by the card brands according to a business's annual transaction volume. Each level carries a different depth of validation.
PCI Compliance Levels 2, 3 and 4 (often marketed by the company simply as “Full PCI Compliance”) require an annual Self-Assessment Questionnaire (“SAQ”) and quarterly network scans by an approved scanning vendor. Because these levels rely on self-assessment (“check yourself and be honest about it”), they involve no independent audit, and they apply only to businesses whose transaction volume falls below the Level 1 threshold set by the card brands.
PCI Compliance Level 1 is the only level at which compliance is thoroughly checked and tested on site by a Qualified Security Assessor (“QSA”) qualified by the PCI Security Standards Council. A successful assessment produces a Report on Compliance and a certificate known as the Attestation of Compliance (“AOC”), signed by the QSA, which documents that the company was assessed against the full standard and operates under its requirements all year long. As there is no higher level of PCI compliance, even major names in the market (for example Bank of America and Chase Bank) go through this process every year.
Tip: To confirm that you are dealing with a secure, independently assessed company, ask them to provide their AOC.
Your Security Is Our Number 1 Priority
Rebillia Platform is a PCI-DSS level 1 service provider
Don’t let the sensitivity of cardholder data hold your store back! With real-time authentication checks, layered data encryption, and information handled over segregated secure channels, Rebillia Platform is a PCI-DSS Level 1 compliant service that not only meets the regulations but sets a new bar in online cardholder data security.
AOC and Responsibility Agreement available upon request.
How Are The Security Standards Being Enforced?
Initial validation is not the end of the process: the PCI Security Standards Council and the card brands require every company to re-validate its compliance periodically (an annual assessment and quarterly scans) while maintaining its security controls and monitoring 24/7.
Not only is our certification periodically renewed by one of the best PCI auditors in the business (SecurityMetrics), but by using our PCI compliant services, our clients actively reduce their own exposure and are helped to exceed their security requirements.
Keep your internal security at a high level
Listed below are tips every merchant can use to keep their end of the security at the best it can be:
Install and maintain a firewall configuration to protect your internal data.
Use and regularly update anti-virus software.
Track and monitor all access to sensitive information in your network.
Restrict physical and logical access to sensitive data in your workplace.
Regularly test your security systems and processes.
Check all external services for PCI compliance documentation.
Assign a unique ID to each person with access to your network.
Do not keep vendor-supplied default passwords on any of your accounts or devices.
Our best recommendation – research companies that provide office network security hardware and software to help you keep your office security up to date. We, at Rebillia, chose Meraki, a Cisco product.
Must a company be PCI compliant when using a third-party PCI compliant service?
Yes. Although using a PCI compliant third-party service reduces your exposure and typically reduces the scope of your own assessment, it does not exempt a company from PCI compliance.
Is taking credit card information over the phone PCI compliant?
It could be. Because there is a human factor to it, becoming PCI compliant “over the phone” means passing your personnel through background checks and security awareness training. Keep in mind that while live credit card information is being processed over the phone, the computer/workstation used and the security software on it are another major factor for PCI compliance.
Rebillia eliminates the need for extra personnel screening by letting you charge a customer's saved card for over-the-phone purchases as well, without ever decrypting or detokenizing the card data.
I want to store credit card data. Why use a third-party service?
By storing credit card data yourself you take on the risk and responsibility for that data, and depending on your level you may be required to have a QSA (Qualified Security Assessor) come on site and perform an audit to ensure that you have all of the controls in place necessary to meet the PCI-DSS specifications.
Using Rebillia Platform as a third party, you remove the risks of independently storing card data and hand the responsibility to a company that specializes in securely dealing with exactly that, and that continuously meets and exceeds all of the PCI-DSS requirements.