The Level 1 PCI DSS (Payment Card Industry Data Security Standard) certification is awarded only to merchants who process over 6 million payment card transactions annually (all channels) or global merchants identified as Level 1 by any Visa region.

The PCI DSS was created in 2004 as an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. The current version of this standard (1.2) specifies the 12 requirements needed to gain certification.

PFSweb became PCI-compliant in April 2008 and has maintained its compliance by passing annual audits conducted by our QSA (Qualified Security Assessor), Trustwave. Trustwave is contracted to perform the following:

  • Quarterly Vulnerability scans – Four passing quarterly scans must occurred in the most recent 12-month period
  • Annual Penetration Test – A penetration test is conducted annually by SpiderLabs, a division of Trustwave
  • Annual Onsite Audit – An onsite audit is conducted by Trustwave in which all 12 PCI requirements are evaluated

PFSweb allows customers to purchase products using a credit card as form of payment. All credit card processing and storage is handled through the Plano, TX data centre. PAN (Primary Account Number) and expiration date is stored using AES 256-bit encryption in a sensitive data repository (SDR) which is a highly secured zone that is segmented from the rest of the PFSweb network.

U.S. – European Union Safe Harbor

We Self-Certify Compliance with:

The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.

In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a “Safe Harbor” framework.

PFSweb signed up to Safe Harbor on the 31st of January 2011.

ISO 9001:2008

ISO 9001 is a set of internationally agreed standards providing guidelines for a Quality Management System.
PFSweb has developed and implemented this quality management system to demonstrate its ability to consistently provide products that meet customer and statutory and regulatory requirements, and to address customer satisfaction through the effective application of the system, including continual improvement and the prevention of nonconformity. This guarantees quality of processes and a certain transparency.

This also certifies that your processes are completed with effectiveness (desired results achieved) and efficiency (a maximum of results with a minimum of resources).