PCI DSS

Authentic8 is a Participating Organization in the PCI Security Standards Council. This gives us the opportunity to participate in the standards development process, recommend new initiatives, and play an active role in ensuring that PCI standards address the context of web isolation, remote browsing, and zero trust access.
Silo by Authentic8 is compliant as a PCI DSS Level 2 Service Provider, allowing it to process, transmit, or store cardholder data on behalf of merchants who accept payment cards (American Express, Discover, JCB, MasterCard, or Visa) as payment for goods or services.
The Payment Card Industry Data Security Standard (PCI DSS) ensures that compliant merchants and service providers have appropriate security controls in place to protect cardholder data and reduce credit card fraud. As a component of its PCI DSS compliance, Authentic8 maintains an active Letter of Attestation, Self-Assessment Questionnaire (SAQ-D), and Attestation of Compliance (AoC). On a quarterly basis, a PCI-approved scanning vendor (ASV) generates an Attestation of Scan Compliance.
As a result of Authentic8’s PCI DSS compliance, customers can leverage Silo services as a PCI Service Provider with assurances that Silo:
- Is built and maintained as a secure service
- Protects cardholder data
- Is subjected to an appropriate vulnerability management program
- Is protected by strong access control measures
- Is continually monitored and tested
- Leverages a mature information security program (including policies, standards and procedures)
Organizations that need to leverage Silo as a PCI-compliant service provider can request a copy of Authentic8’s PCI Letter of Attestation, SAQ-D, and Attestation of Scan Compliance from their Authentic8 account executive or designated point of contact. These can also be requested by email to support@authentic8.com. In all cases, a non-disclosure agreement (NDA) is required to receive Authentic8’s compliance documents.