Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a world-wide standard adopted by card schemes for the protection of cardholder identity and transaction information. Any organisation that stores, processes or transmits cardholder data, including paper or other records, needs to comply with the standard and obtain compliance certification or face the prospect of substantial fines should a security breach occur.
We are sometimes asked if theimagefile are compliant with the PCI DSS. The short answer is that we do not need to be. All of our transactions are handled by WorldPay, one of the leaders in internet payment solutions. Any card data taken by theimagefile is entered directly into the Worldpay online systems and theimagefile does not accept, transfer or store any of this data.
Theimagefile does, however, use Secure Sockets Layer (SSL) technology over our entire Web site. This is confirmed by the padlock in the address bar of your browser when you visit. Our SSL Certificates enable encryption of all information whilst on theimagefile site. Each SSL Certificate also contains unique, authenticated information about us, and a Certificate Authority has verified our identity prior to issue. This is the single most important step in meeting PCI DSS, and it is possible that theimagefile will apply for compliance certification in the near future.