
PCI DSS Compliance

Payment Card Industry Data Security Standard

PCI DSS Level 1 Certified

Vantax Pay maintains the highest level of PCI compliance, meeting all requirements for processing over 6 million card transactions annually.

1. What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Established by the major card brands (Visa, Mastercard, American Express, Discover, and JCB), PCI DSS protects both businesses and consumers from data breaches and fraud.

Vantax Pay is certified as a PCI DSS Level 1 Service Provider, which is the highest level of certification available. This certification requires annual security assessments by qualified security assessors (QSAs) and quarterly network scans by approved scanning vendors (ASVs).

2. Our Security Commitment

256-Bit Encryption

All data transmitted between your systems and ours is protected with AES-256 encryption.

Secure Network

Protected by firewalls, intrusion detection systems, and regular security monitoring.

Access Control

Strict role-based access controls and multi-factor authentication for all systems.

Continuous Monitoring

24/7 security operations center monitoring for threats and anomalies.

Regular Audits

Annual PCI assessments and quarterly vulnerability scans by certified assessors.

Tokenization

Sensitive card data is replaced with non-sensitive tokens for secure storage.

3. The 12 PCI DSS Requirements

PCI DSS consists of 12 core requirements organized into six control objectives. Vantax Pay adheres to all of these requirements:

Build and Maintain a Secure Network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data through encryption and tokenization
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software or programs
  • Requirement 6: Develop and maintain secure systems and applications with regular security patches

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and networks with penetration testing

Maintain an Information Security Policy

  • Requirement 12: Maintain a policy that addresses information security for all personnel

4. Compliance Validation

As a Level 1 Service Provider, Vantax Pay undergoes rigorous validation:

  • Annual On-Site Assessment: Conducted by a Qualified Security Assessor (QSA)
  • Quarterly Network Scans: Performed by an Approved Scanning Vendor (ASV)
  • Attestation of Compliance (AOC): Available upon request for merchants and partners
  • Report on Compliance (ROC): Comprehensive documentation of our security controls

5. Benefits for Your Business

By using Vantax Pay's PCI-compliant services, your business benefits from:

  • Reduced Compliance Burden: We handle the majority of PCI requirements on your behalf
  • Simplified SAQ: Most merchants qualify for the shorter SAQ A or SAQ A-EP forms
  • Data Breach Protection: Advanced security measures protect your customers' data
  • Reduced Liability: Proper security controls minimize your financial exposure
  • Customer Trust: Demonstrate your commitment to security to your customers

6. Your Responsibilities

While Vantax Pay maintains PCI compliance for our services, merchants also have responsibilities:

  • Complete your PCI Self-Assessment Questionnaire (SAQ) annually
  • Conduct quarterly vulnerability scans if applicable
  • Maintain secure systems on your end (website, servers, networks)
  • Never store CVV/CVC codes or magnetic stripe data
  • Train employees on security awareness and cardholder data handling

7. Contact Our Security Team

For questions about PCI compliance, security documentation, or to request our Attestation of Compliance:

  • Email: info@vantaxpay.com
  • Security Hotline: +86 133 5299 9227
  • Report Vulnerabilities: responsible-disclosure@vantaxpay.com

Vantax Pay is committed to maintaining the highest security standards to protect your business and your customers.

© 2026 Vantax Pay. All rights reserved.