
An effective way to protect your payment data!

ACHIEVING PCI DSS LEVEL 1 IN 4 STEPS: THE GOLD STANDARD OF DATA SECURITY

CYBERSECURITY HIGH ON THE DIGITAL AGENDA

As cybercriminals become more advanced in their methods and techniques, international regulations concerning data security have become more stringent. This rigorous legislation poses a significant challenge for many organizations. Nowadays, all companies working with confidential data are expected to go the extra mile to guarantee the security of their data.

For companies in the fintech industry, data security is at the core. After all, three-quarters of all data breaches are financially motivated. Cybercriminals often target the transmission, processing, or storage of payment card data. Companies such as web shops, hotels, and corporate booking tools possess large quantities of sensitive data.

So, how can these organizations develop effective policies to protect this data?

To aid fintech organizations in achieving maximum data security, a consortium of major credit card companies has drawn up a directive. The PCI DSS standard of the Payment Card Industry Security Standards Council consists of 12 payment card data security criteria. However, how do you implement a data security policy that effectively meets these 12 criteria? Moreover, how do you stay compliant with this data security gold standard without incurring high costs?

FACTS AND FIGURES

The Data Breach Investigations Report is drafted annually.
It provides a global analysis of all privacy breaches resulting from cybercrime. 76% of all data breaches had a financial motivation, and 68% of breaches were only discovered months after the violation.

WHAT DATA ARE TARGETED?

Of these breaches, 15% occurred within the financial sector. More specifically, in 2018 there were 598 incidents and 146 confirmed breaches. In the retail sector, far fewer incidents occurred, but the number of confirmed data breaches was higher: 169. In these sectors, payment data are a coveted target for cybercriminals. In 2018, within the finance sector, 34% of the confirmed breaches targeted payment data. In retail, this number accounted for.

E-COMMERCE

E-commerce is the most sought after sector for cybercriminals. With the introduction of online electronic payment systems, such as PayPal and iDEAL, the number of payment card fraud incidents has increased exponentially around the world.

According to the 2016 Nilson Report, no less than $21 trillion was misappropriated in 2015. This trend is expected to continue over the next couple of years, reaching an estimated $31 trillion by 2020.

[Figure: Card fraud worldwide. Global losses in $ billion, 2010–2020, with cents per $100 of total volume.]

THE 12 CRITERIA OF PCI DSS

The gold standard for Credit Card Data Security

To protect organizations against payment card fraud executed by cybercriminals, a consortium of major credit card companies enacted a data security directive. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit cards.

Since its conception in 2004, multiple versions of the PCI DSS directive have been issued. In January 2018, version 3.2.1 of the standard came into force. The most important principles of data security are captured in the 12 criteria. Companies engaged in the transmission, processing, or storage of payment card data are obliged to comply with these criteria.

ENSURING PCI DSS COMPLIANCE IN 4 CONCRETE STEPS

The PCI DSS directive offers a powerful tool for protecting your organization against data breaches.

But how do you implement a data security policy that effectively meets these 12 criteria?

To help you achieve PCI DSS compliance, Basefarm has developed a four-step plan that can be used by any company that handles payment data. From the evaluation of your infrastructure to continuous monitoring: these four steps are vital for every fintech company.

1. SCAN

Map out your IT environment. Make a blueprint of your IT environment using the 12 PCI DSS criteria. Concentrate on the vulnerabilities of your infrastructure. Is the firewall outdated? Are you experiencing problems with your antivirus software? Start by gaining a clear insight into your infrastructure.

2. DEFINE YOUR SCOPE

Extend the analysis to your partners. Your company may be compliant with all the PCI DSS criteria, but this is insufficient if you do not engage your partners in the process. Are you using common shared services, such as backup tools? Or are you investing in monitoring and scanning software? The security of your payment card data may be at risk if your partners are not compliant.

3. ACT

Draft an action plan that is based on the insights gained from mapping out your own IT infrastructure, and that of your partners. Make sure to invest in the security of vulnerable services, such as firewalls and cloud transfers. Also, engage your employees and adopt a human resources policy aimed at information security.

4. CHECK

After implementing the action plan, monitor the security of your IT environment 24/7. Every moment of vulnerability presents enormous risks for the security of your client data. Invest in external audits performed by independent partners to guarantee the continuity of your data security policy.

LOOKING FOR A COMPREHENSIVE SOLUTION FOR YOUR ORGANIZATION?

Basefarm is one of the few service providers that are members of the PCI Council. Together with partners like Visa, American Express, and Mastercard, we reflect on concrete directives concerning data security.

As part of a select task force within the Council, we compile data security guidelines within the framework of cloud computing and mobile payment.

SIMPLE. COST-EFFECTIVE. COMPLIANT.

As a member of the PCI Council, we have the expertise to offer a comprehensive solution for companies that are willing to invest in data security, but that don’t have the time or the means to establish a watertight system themselves. By linking up to the Basefarm Secure Platform, companies immediately meet the highest data protection standard in the industry: PCI DSS Level 1.

With its Secure Platform, Basefarm assumes full responsibility for complying with international data regulations. Our dedicated team closely monitors the latest amendments to data security legislation. Such amendments to laws and regulations are implemented directly into our platform. This ensures that your organization is always compliant with the most recent legislation.

OPT FOR AN END-TO-END SOLUTION!

The Basefarm Secure Platform offers a complete solution, saving you valuable time and resources while ensuring that your organisation is secure and compliant.

Safeguard your organisation. Call our experts and discover the potential of the Basefarm Secure Platform today.

Basefarm’s PCI DSS platform

Learning a lot from this customer-specific design, Basefarm has designed and built a PCI DSS platform that allows customers to plug into the platform and secure their transactions, and lets Basefarm make sure, and take responsibility, that everything works. The Basefarm PCI DSS platform is Level 1 compliant and undergoes an annual on-site security audit, quarterly network scans and validation by a qualified security assessor (QSA) and approved scanning vendor. The platform adheres to all requirements in the compliance framework. This means that customers, for a monthly fee, may use the platform for the parts of their solution that fall within compliance requirements. Basefarm is the only hosting provider in Norway and Sweden, and one of few in Europe, listed as a Visa Merchant Agent in this category.

Experts in PCI DSS compliance operations

Basefarm is an expert in PCI DSS compliance operations on Level 1 and the leading managed service provider with efficient and reliable systems for managing infrastructure platforms and applications. The company has a proven track record in running mission-critical systems.

The secure datacenters are built and maintained according to ASHRAE Environmental Guidelines for Datacom Equipment, and Basefarm is standardized on the "Telecommunications Infrastructure Standard for Data Centers" (TIA-942).

Basefarm completed the ISO 27001 certification and ISO 14001 certification in 2013. Since 2013, Basefarm has also been a member of the global security organization FIRST.org.
