Brought to you by Blue Chip


Choosing the right PCI DSS partner for cloud hosting

PCI DSS certification is crucial for handling payments. Blue Chip adheres to the strongest standards, meaning we are trusted around the world for handling credit card and other transaction information in our data centres. Matthew Bailey, National Sales Director, talks about why this is vital for industries such as retail and Fintech.

Matthew Bailey

National Sales Director at Blue Chip

Blue Chip has attained the highest level of PCI DSS compliance. Our National Sales Director, Matthew Bailey, talks about the importance of these certifications.

Hi, I'm Matthew Bailey. Today, I'm going to talk to you about the payment card industry data security standard - the different levels and the different types of assessments, so that when you're choosing your PCI DSS partner, you can make an informed decision.

Blue Chip has a large customer base within the finance and retail sectors. For us it was an obvious choice to move into PCI DSS certified services. We can help you on your journey towards your PCI compliance.

In February 2018, there was an updated version - version 3.2 of the PCI standard.

That includes 12 requirements and 395 controls, and you must achieve a 100% pass rate. Many managed service providers will claim certification to the PCI DSS standard. However, this is often for a greatly reduced scope - 5 to 15% - which leaves you with the overwhelming burden of achieving your PCI DSS compliance.

Blue Chip can assist with over 82% of these controls, 74% of which we can take complete responsibility for. This greatly reduces the burden on your compliance team and on your technical staff, and ensures that your data is always safe.

There are four levels to the PCI DSS certification, based upon the number of transactions per annum.

Level 4: Under 20,000 transactions per annum.
Level 1: Over six million transactions per annum.

Along with these levels, there are two types of assessment: a self-assessment and an external assessment. To achieve a Level 1 certification, you must use an external Qualified Security Assessor.

Blue Chip split our PCI assessment into several sections, but from the outset decided to certify as a Service Provider Level 1 - the highest possible achievement, meaning we can process more than 6 million transactions per annum. Initially, we could have self-certified. However, we felt that if we were both the poacher and the gamekeeper, there was going to be too big a conflict of interest.

In 2013, we certified our tier 4 and tier 3 freehold data centre facilities. In 2014, we certified for a managed service. What this means is that our technicians and personnel are able to sign on to the machines that have that most important credit card data stored on them to perform their daily duties.

In 2016, we achieved certification for our multi-tenant Blue Chip Cloud, which has been a great success. All of our certifications are based upon the PCI version 3.2 Service Provider Level 1.

We are completely transparent with our customers and will always provide their auditors with our ROC document to report on compliance. This ensures the smoothest possible sign-off for all parties. Achieving compliance was a project. Maintaining continuous compliance is a program. We are extremely proud of achieving six years of continuous compliance.

In comparison, the Verizon annual security report stated that 47% of companies failed their PCI audit in 2017. In our PCI cloud we can provide Windows, Linux, IBM i, AIX and mainframe technologies. We provide an operating system and database managed service, while still providing you with a cloud-based charging model, ensuring you receive value for money and that you can build, deploy and burst in line with your business needs. All with the reassurance that your data and your customers' data is completely secure.