Gala Technology, the innovative Yorkshire-based company behind SOTpay, the multi-award-winning 'Card Not Present' (CNP)/Remote payment solution, is pleased to confirm that its innovative application, which enables cardholders to pay for goods and services securely over the telephone or other remote channels such as webchat and social media, has obtained its PCI DSS (Payment Card Industry Data Security Standard) Report on Compliance (ROC) for 2020/2021. With this certification, merchants and PSPs can be assured that the SOTpay service has been independently validated by a Qualified Security Assessor (QSA) to ensure it meets the rigorous requirements of PCI DSS.
PCI DSS is a set of requirements which merchants, service providers and financial institutions must adhere to if they store, process and/or transmit cardholder data, to ensure cardholder data is protected. This standard was developed with the collaboration of American Express, Discover, JCB, Mastercard and Visa and is based upon a set of policies and procedures that need to be implemented to protect cardholder data from potential fraudulent misuse.
Although SOTpay does not store and/or process cardholder data, as a Third-Party Service Provider (TPSP) connected to the Cardholder Data Environment (CDE), Gala Technology is keen to ensure that:
- Prospective customers are easily able to undertake proper due diligence and a risk analysis, before committing to using SOTpay,
- Existing customers using SOTpay are able to easily demonstrate that the appropriate policies and processes are in place to assist them in delivering on their contractual requirement to evidence compliance with PCI DSS and in so doing are keeping the cardholder data and the cardholder data environment (CHD & CDE) secure.
To this end, Gala Technology evidences its compliance with PCI DSS by completing an annual Level 1 PCI DSS assessment using an independent Qualified Security Assessor (QSA). This gives its customers the assurance and awareness that SOTpay complies with the applicable requirements of the standard for the service it provides.
The contribution SOTpay makes to protecting cardholder data is further evidenced by the fact that in 2019 and 2020 SOTpay picked up the industry ‘Awards For Excellence’ at PCI London and also scooped ‘Best International CNP Solution’ at the major CNP awards in San Francisco.
Gala Technology CTO, Stephen Biggs, stated, “Working alongside our global cyber security partners at Armor and the team at (the) Data Security, who independently assess our compliance with PCI DSS, we are delighted to be able to demonstrate and share Gala Technology’s firm commitment to PCI DSS compliance at the highest level.
In addition to taking PCI DSS very seriously by using a QSA to evidence Level 1 compliance with PCI DSS, our clients know that we are also committed to helping them simplify their own requirements. SOTpay simplifies PCI DSS compliance by eliminating cardholder data from their environment, which in turn reduces PCI DSS compliance headaches. As a further example of our commitment to help support merchants of all shapes and sizes, SOTpay also authenticates the cardholder, which in turn helps combat fraud because authentication eliminates fraud-related chargebacks.”
Mark Woodward, CEO, Armor, commented, “Gala Technology successfully receiving their PCI DSS ROC Certification is not a surprise. They have been delivering award-winning solutions for merchants and acquirers for a number of years. We are proud to have had Gala Technology as customers since 2017.
Working with Gala Technology, our Armor Anywhere product with secure hosting, assists them in achieving PCI compliance and in maintaining a robust security posture for their SOTpay application in a cost-effective manner.”
Gary Billings, Sales Manager UK of PCI QSA specialists Data Protection People Limited, who trade as ‘Data Security People’, commented, “We were delighted to have been chosen as the PCI QSA partner for Gala Technology this year, to help Gala Technology achieve and evidence PCI DSS compliance to Level 1. Additionally, our QSA team were extremely excited to discover how the award-winning and innovative payment solution, SOTpay, simplifies and secures remote payments. We feel this discovery will help our other clients, who process remote payments, simplify their journey towards PCI DSS compliance. We hope to continue our mutual relationship on a long-term basis, supporting Gala Technology with our ‘QSA as-a-service’ to ensure year-round compliance.”