VCC Pay’s PCI DSS certification is a milestone for our partners too
We are delighted to announce that we have recently been awarded PCI DSS certification, which is issued by the biggest international electronic funds transfer companies in the world. This is a major achievement in the life of VCC: this certificate not only proves that our already-established VCC Pay system is a safe and secure way to make payments, but also confirms the security and credibility of our business practices and corporate structure.
Previously we announced that, after a long period of development, our new VCC Pay system was finally available. VCC Pay’s innovative technology allows bank card payments to be completed via telephone using real-time agent assistance, and its solution is not only a milestone because of the year of work invested in its preparation, but also because, having subsequently undergone an extensive international auditing procedure, it is now an integral part of VCC’s solution.
To enable VCC’s cloud service to be allowed to process bank card payment-related data, our company had to undergo PCI DSS scrutiny. The international PCI DSS security assessment and restructuring procedure covers a comprehensive set of security regulations, from minor IT security issues to large scale business risks, the requirements of which are set out by the five largest electronic funds transfer companies in the world, including Master Card, Visa and AMEX.
The PCI DSS auditing procedure takes over 600 security requirements into consideration, and includes risk assessments, document verifications, personal interviews and proofs of operation: in the case of Virtual Call Center, this meant more than two years of preparation, 1000 hours of co-operation, more than 20 hours of personal interviews, and the entering of several thousand data records. One of the most important phases of the audit was when the system’s vulnerability was tested by multi-stage ethical hacking.
We are proud to announce that VCC succeeded in fulfilling all requirements, and that in terms of the PCI DSS procedure, AperSky, the fully PCI Council QSA-licensed company which carries out audits in Hungary, identified only five cases where we had to modify our system. At the end of the audit Péter Tátrai, the Managing Director of AperSky, handed over the certificate, in the presence of the entire VCC team.
In one of our previous posts we mentioned that PCI DSS certification will provide assurance for our business partners, and offers several advantages for them in the long term. What exactly are those advantages? In addition to its security aspects, the PCI DSS procedure can also be seen as a comprehensive quality assurance system, since it analyses all business processes which might carry any degree of risk. VCC has always adhered to the highest security standards, but with PCI DSS Certification, our commitment to security is now even more evident and transparent, giving other companies operating on low-risk principles a real feeling of confidence when working with us.