We take security seriously
We use AWS, which provides a wide range of security features and services to help protect customer data and infrastructure. These features are designed to work together to provide a secure environment that meets the security and compliance needs of customers.
AWS has implemented a number of physical, operational, and network security measures to protect customer data. These include:
Physical security measures such as biometric scanning, security cameras, and security guards to protect data centers.
Network security measures such as firewalls, intrusion detection/prevention systems, and Virtual Private Cloud (VPC) to control access to resources and services.
Operational security measures such as security incident management, incident response, and penetration testing to detect and respond to security issues.
AWS also maintains certifications and accreditations for a variety of industry standards such as SOC 2, PCI DSS, HIPAA and FedRAMP.
It's important to note that while AWS provides a highly secure environment, it's not immune to security breaches and incidents. It's the customer's responsibility to stay aware of and compliant with all security best practices and regulations, such as not sharing usernames and passwords or making them too simple to guess. As AWS expands to Passkey technology, we'll instantly implement it as well.
Traista is PCI DSS compliant. PCI DSS stands for Payment Card Industry Data Security Standards, which is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. These standards were developed by the major credit card companies, including Visa, MasterCard, American Express, Discover, and JCB, to help protect cardholder data and reduce the risk of fraud.
Compliance with PCI DSS is required for any organization that accepts credit card payments, regardless of the size or number of transactions. The standards apply to merchants and service providers that store, process or transmit cardholder data, and are divided into six categories:
Build and Maintain a Secure Network: This includes creating firewalls and other security measures to protect cardholder data.
Protect Cardholder Data: This includes storing, processing, and transmitting cardholder data securely, and protecting against unauthorized access.
Maintain a Vulnerability Management Program: This includes regularly assessing and testing systems and networks for vulnerabilities, and taking steps to remediate them.
Implement Strong Access Control Measures: This includes controlling access to cardholder data and monitoring access to systems and networks.
Regularly Monitor and Test Networks: This includes regularly monitoring systems and networks to detect and respond to security breaches.
Maintain an Information Security Policy: This includes having a documented information security policy and regularly reviewing and updating it.
Organizations that handle credit card transactions must comply with the PCI DSS and pass a compliance assessment to be able to process credit card payments. The compliance assessment must be done by an approved Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA) depending on the size of the organization and the number of transactions.
Non-compliance with PCI DSS can result in penalties and fines, and may also result in the loss of the ability to accept credit card payments.