Payment Card Industry Data Security Standard (PCI DSS)

Strict PCI DSS compliance is necessary for any business processing credit card payments. Therefore, Cleverbridge has maintained a PCI DSS compliant environment, and we are constantly checking to make sure that processes and scope remain compliant.

We do so by only accepting credit card orders submitted according to PCI DSS standards. Our platform supports submission of orders via state-of-the-art secure encryption layers, and we process all transaction requests and results via HTTPS. Cryptographic controls also provide effective mechanisms for protecting the confidentiality, authenticity and integrity of information – and our policies include the use of encryption and key management.

Our services also provide you with the following freedoms and benefits:

Less Responsibility

When you use Cleverbridge-hosted and operated payment pages, all credit card information is sent directly to cleverbridge. This means that sensitive cardholder data never passes through your system. As a result, your company does not need to implement many of the strictest PCI DSS standards.

Substantial Cost Savings

Following PCI DSS regulations is absolutely necessary for accepting credit card payments, but compliance does not come cheap. When you partner with cleverbridge, we cover the following PCI DSS compliance costs:

Initial Implementation

As estimated by Gartner for level 1 merchants (processing in excess of 6 million transactions of a single card type per year), implementation costs include:

  • 200,000 USD for assessing the scope of required PCI DSS work (scope assessment during initial implementation)
  • 600,000 - 1.1 million USD to meet the requirements

Recurring Auditing Fees

These hinge on a variety of factors – company size, number of transactions processed annually, existing infrastructure, credit card data scope, etc. Initial implementation is quite costly. For level 1 merchants, the average annual audit cost is 225,000 USD.

Avoidance of Violation Fines

We protect you from potentially catastrophic PCI DSS non-compliance fines, including:

  • Up to 90 USD fine per cardholder data compromised
  • Suspension of credit card acceptance
  • Loss of brand reputation
  • The cost of a PCI Qualified Forensic Investigator (130-200 USD per hour for a one- to two-year project)