The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard designed by the leading companies in the banking sector (Visa, Mastercard, American Express, Discover and JCB).

“Processors” or “storers” of sensitive payment data, such as Payment Service Providers like Lyra or e-merchants who have developed their own payment gateway, are therefore subject to an annual audit that verifies the highest level of security is maintained. In addition, quarterly internal and external scans are scheduled to maintain compliance.

PCI DSS establishes a set of security requirements to ensure the confidentiality of transactions. These requirements are implemented in the form of internal procedures, and Lyra ensures continuous monitoring of the security measures necessary for card payments. The PCI DSS standard evolves regularly; Lyra is currently compliant with version 4.0.1.

A certification renewed every year

PCI DSS

Since 2009, Lyra has been PCI DSS certified, ensuring a highly secure and reliable solution. This guarantee is mandatory for e-commerce, in order to protect the banking data of online buyers. Among other things, it requires of merchants and third-party agents:

  • Investments in an IT system architecture that complies with PCI DSS standards.
  • The implementation of procedures to formalize tasks related to IT security and the physical security of buildings and production sites.
  • The use of a state-of-the-art cryptographic solution dedicated to encrypting and decrypting the most sensitive data.

What does PCI DSS certification guarantee for e-merchants?

  • Risk management, securing your e-commerce transactions and costs.
  • A mature vision of the security of your information system.
  • Compliance with payment card industry requirements, and reassurance for customers making payments on your store.

PCI DSS – VISA

Our commitment: protect Visa cardholders with PCI DSS security standards

“Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory for all entities that store, process, or transmit Visa cardholder data, including financial institutions, merchants and service providers. Visa’s programs manage PCI DSS compliance by requiring participants to regularly demonstrate such compliance.” Visa©

Thus, shortly after we obtain the renewal of our PCI DSS approval, our file is handed over to the card-issuing brand for compliance validation.

Once validated, this allows us to obtain access to the official list of PCI DSS-certified companies – Visa!

What does “being on the list” mean?

Like Visa, we aim to play an important role in the development of new payment channels and in ensuring a trusted payment system. On our side, we commit to complying with a series of constraints and regulations to ensure the sustainability of your business. On its side, Visa commits to verifying the accuracy of our commitment by analyzing our approval from an “issuer” perspective.

Finally, this global list includes all service providers working with the card-issuing brand. It is also the designated source for the payment industry to obtain information about registered and compliant agents. It guarantees that they provide a trusted payment system for merchants and data protection for buyers and Visa cardholders.
