PCI-DSS Certified Level 1 Service Provider
Lucas has completed an exhaustive process of re-certifying our operations to adhere to the current Payment Card Industry - Data Security Standards (PCI-DSS) v3.2. Lucas is pleased to announce that we have received our Attestation of Compliance (AOC) & annual Report on Compliance (ROC) for our Re-Certification as a Certified Level 1 Service Provider (CL1SP).
What does this mean for our Customers?
According to the Payment Card Industry-Security Standards Council (PCI-SSC), a Service Provider is defined as, Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. Examples include, managed service providers that provide managed firewalls, Intrusion detection system (IDS) and other services as well as hosting providers and other entities. https://www.pcisecuritystandards.org/pci_security/glossary#S
Although, Lucas does not process, store, or transmit cardholder data, as a CL1SP, we are required to meet the same stringent security requirements of those companies that do provide these services. As a CL1SP, we are providing our customers the highest level of protection and security for their systems, their customers, their business and brand.
We anticipate Lucas will be added to a Visa®-maintained list of Level 1 Service Providers. This registry serves as a platform where Service Providers can broadcast their compliance with Visa® rules, PCI-DSS requirements, and differentiate themselves from other service providers. Visa® merchants reference this registry to select registered and compliant service providers.
We think it is important that you know that many of our competitors may not have this certification. If you are considering replacing POS systems or software, and knowing that the security of your customer’s cardholder data, your business, and your brand are important to you, then you should consider a company that provides a system that is not only PA-DSS compliant, but a company that will integrate, deliver and support your systems as a PCI-DSS Certified Level 1 Service Provider.