What Does It Take To Be A PCI Level 1 Compliant Provider?

PCI Level 1 Compliance

The card payments industry, and the broader financial industry, is built upon elements of trust and security. If you do not trust your bank or payments provider with your money, how can you ever use them? When we meet clients for the first time we are often asked why they should trust us. One of our replies is that we work with PCI Level 1 compliant companies. In most cases, this understandably results in a blank stare and we go on to explain what this means.

Understanding what PCI Level 1 Compliance is

PCI Level 1 compliance is one of four PCI merchant levels and two service provider levels created as a standard of card and cardholder data security. Just like ISO certification set quality standards, PCI sets the minimum requirements for a high level of security in both eCommerce and in-store payments.

PCI Level 1 is the best possible level that can be attained, and requires, amongst other criteria, a certain volume of transactions. In order to attain this certification, payment providers must process a minimum of 300,000 transactions per year or another amount with a different issuer. It is also important that Internet Service Providers (ISPs) used by the payment provider are able to show ongoing security which prevents potential data breaches and hacks.

Is Arthur a PCI Level 1 Provider?

Arthur is a payments broker service that works with PCI Level 1 providers. We do not currently meet the criteria to obtain such certification but work with national and international partners who hold it. As a result, merchants who sign up through us will accept card payments in the safest possible environment.

Our partners have obtained and maintained their Level 1 certification following stringent period checks. These include:

  • Carrying out an annual compliance report created by a qualified security assessor.
  • Carrying out a quarterly network scan carried out by an approved scanning vendor.
  • Submitting a completed attestation of compliance form.
  • Carrying out periodic penetration tests and internal scans.

Although you certainly do not need to understand the intricacies of this security standard, you should now be better able to attest whether a payments service provider can be trusted or not. At Arthur, we take the security of your payments and your data extremely seriously. This is why we have chosen to only work with PCI Level 1 providers. By using our services, you can rest assured that your funds and information are safe.

Want to find out more?