BlockChyp Obtains 2020 PCI Certification
January 19, 2021
BlockChyp is proud to announce that it has completed its first-ever PCI-DSS Certification as a Level 1 Service Provider. BlockChyp’s Qualified Security Assessor, Triaxiom Security of Charlotte, delivered the final Record of Compliance and Attestation of Compliance on January 18, 2021.
PCI-DSS Level 1 Service Provider certification required BlockChyp to engage a Qualified Security Assessor (QSA) to independently audit BlockChyp’s security practices for compliance with standards set by the payments industry via the PCI (Payment Card Industry) Council. Over a period of a few months, Triaxiom reviewed BlockChyp’s internal policies, security configurations, threat monitoring posture, and other security practices in order to prepare a formal Record of Compliance, as required by PCI rules.
“This process is new for BlockChyp because 2020 was our first year operating at a high enough scale that a full independent audit of our security practices was required,” said Jeffrey Payne, BlockChyp’s CTO. “We were fortunate enough to engage Triaxiom Security and they have been great. Any time you engage a security consultant, even in the context of PCI certification, it should be seen as an opportunity to learn something and make genuine improvements to your security posture. Working with Triaxiom helped us make a number of improvements along with validating some of our existing practices. We had a great experience working with Triaxiom and couldn’t recommend them highly enough.”
Triaxiom Security likewise felt the relationship was a constructive one. According to JR Johnson of Triaxiom Security:
“We conducted a full Level 1 assessment with a Report on Compliance for BlockChyp as a Service Provider that interacts with credit card information. Throughout this process, BlockChyp not only demonstrated adherence to the minimum security requirements as specified in the PCI DSS, but continually exceeded those requirements. The organization as a whole showcased a mature security program that is dedicated to continual improvement, above and beyond general security best practices and peer organizations.”
Now that BlockChyp is a Level 1 Service Provider, PCI certification audits will be an annual occurrence, supplemented with regular vulnerability scanning and tactical security assessments. BlockChyp has also embraced the OWASP Application Vulnerability Verification Standard and will be phasing it in over the coming year alongside PCI-DSS.