pretix

We're PCI DSS Certified!

Nov. 7, 2024


Since May 2023 we have been an ISO 27001 certified company, and as of last week we’re PCI DSS certified, too. PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for handling credit cards from major brands. You’re probably using some kind of payment provider for your pretix shop to handle your payment needs, and that’s why this standard affects you, too. By going through the certification process, we make clear that we meet this high security standard. This makes your own compliance with PCI DSS as our customer much easier, since a lot of the responsibility is taken care of by us.


Requirements Of PCI DSS And Our Solution

Version 4 of the PCI DSS has been in force since April 2024. This current version obliges you as a merchant to carry out regular external security scans of your network, so-called ASV scans (Approved Scanning Vendor scans), as part of the self-assessment questionnaire (SAQ A for short). To keep your administrative effort and costs as low as possible, we take care of these scans for the store hosted with us. If your payment service provider requires you to complete the Self-Assessment Questionnaire A (SAQ A), you will find all the necessary documents relating to pretix in your organizer account under Settings > PCI DSS Compliance:


  • The Attestation of Scan Compliance for the ASV scan. This scan is carried out quarterly, and the report is compiled individually for your organizer account and made available for you to download here.
  • An up-to-date, individual ASV Scan Report Summary for your organizer account.
  • The certificate itself.
  • The Attestation of Compliance.
  • The Responsibility Matrix.

Data Protection And Information Security

The protection of your data, that of your customers and the information security of pretix are dear to our hearts. To us, these are not hollow phrases, but a core component of our corporate practice. ISO 27001 and PCI DSS certification means that we apply the defined requirements and processes in our day-to-day work, continuously review them, and evolve our information security management accordingly. For the PCI DSS certification, we have rebuilt and expanded our comprehensive information security management system in recent months and implemented additional technical measures.

Any Further Questions?

If you have any questions regarding our PCI DSS certification, would like to know more about information security at pretix in general, or need support with inquiries from your payment service provider regarding PCI DSS issues, just reach out to us by email at pci@pretix.eu or by phone.

Jochen Siebert

At pretix, Jochen is responsible for customer consulting, sales and co-ordinating our ISO 27001 efforts. His main strength is communicating with customers at eye level and bringing together the needs of the customers and pretix's plentiful features. In his free time he enjoys hiking, biking, literature and visiting art exhibitions.


Any questions?
+49 6221 32177-50, Mon-Fri 09:00-17:00