The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands—Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.
Logiforms Software Inc. completes an annual PCI DSS assessment using an approved Qualified Security Assessor (QSA). The assessment results in an Attestation of Compliance (AoC) that can be downloaded here. The effective period for compliance begins upon passing the audit and receiving the AoC from the assessor, and ends one year from the date the AoC is signed. The AoC is available to customers to show that Logiforms’s QSA has determined Logiforms to be in compliance with PCI DSS v3.1.
Customers who want to develop forms and workflows can leverage Logiforms validation in many of the underlying portions, thereby reducing the associated effort and costs of getting their own PCI DSS certification when/if needed.
It is, however, important to understand that Logiforms PCI DSS compliance status does not automatically translate to PCI DSS certification for the forms, workflows and other components that customers build or host on the Logiforms platform. Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements. Customers should review Logiforms PCI Guidelines in our knowledge base to ensure that their use of the Logiforms platform complies with PCI guidelines and to determine the specific areas of responsibility for each PCI DSS requirement, and whether each is assigned to Logiforms or the customer, or if the responsibility is shared. Misuse of the Logiforms platform or use in a way for which it was not intended may affect your compliance under PCI guidelines.
Frequently Asked Questions
What is an acquirer and does Logiforms use one?
An “acquirer” is a bank or other entity that processes payment card transactions. Logiforms does not offer payment card processing as a service and thus does not use an acquirer. Logiforms provides integration points with several card processing services, all of which are PCI compliant.
Why isn’t Logiforms listed as a compliant service provider on MasterCard and VISA lists?
Logiforms does not provide a credit card processing service itself, does not hold credit card information, and does not use an acquirer. Therefore, validation from issuing banks is not necessary for Logiforms, and Logiforms is not on these lists. However, Logiforms provides a PCI DSS compliant platform for customers to integrate with card processing services and develop secure forms and applications.
To what organizations and merchants does the PCI DSS apply?
It applies to any company, no matter the size or number of transactions, that accepts, transmits, or stores cardholder data. That is, if any customer ever pays a company using a credit or debit card, then the PCI DSS requirements apply.
Companies are validated at one of four levels based on the total transaction volume over a 12-month period. Level 1 is for companies that process over 6 million transactions a year; Level 2 for 1 million to 6 million transactions; Level 3 is for 20,000 to 1 million transactions; and Level 4 is for fewer than 20,000 transactions.
How can I get copies of the Logiforms Attestations of Compliance (AoCs)?
Our AVS Vulnerability report is below. You may also complete the following form to request a copy of our AoCs.
Attestation of Compliance Request Form
Complete the form below and we’ll send you a copy of our Attestation of Compliance.