About PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is maintained by the PCI Security Standards Council, an independent body created by the card networks in 2006. Any business that accepts credit card payments and transmits, processes and/or stores the related data must follow the PCI standard.
The PCI standard consists of 12 security requirements including encryption of cardholder data, managing firewalls, updating antivirus software, and assigning unique IDs to each person with computer access.
PCI compliance levels are based on transaction volumes, with Level 1 being the most stringent requirement for the highest-volume processors.
Current Certification Status
PCI Booking Ltd, the company that operates the Orchestra Solutions service, maintains PCI DSS Level 1 Service Provider compliance – the highest certification level available.
Certification Details:
- Level: PCI DSS Level 1 Service Provider
- Version: PCI DSS v4.0
- Compliance Date: December 2023
- Certificate: View PCI Compliance Certificate
Attestation of Compliance (AOC)
PCI Booking Ltd receives an annual Attestation of Compliance (AOC) from a Qualified Security Assessor (QSA). A new AOC is issued each year, typically in December.
Customer Compliance Documentation
Organizations using Orchestra’s services can demonstrate PCI compliance by completing the Self-Assessment Questionnaire D for Service Providers (SAQ-D) and indicating on it that credit card processing and handling are outsourced to Orchestra.
Sufficient documentation includes:
- Completed SAQ-D form
- PCI Booking Ltd’s AOC
Contact Information
For compliance documentation requests or questions:
- Email: Contact our team
- Additional resources: PCI Security Standards Council Documents Library