PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. 

Whilst Cloud Gateway accepts card payments for our services and products, we do not store, process or transmit cardholder data. Instead, we rely on a certified third party service provider to handle all card-payment transactions. 

The PCI "SAQ-A" is a self-assessment designed for organisations like us to demonstrate our compliant receipt of card payments. (It's official scope is for: Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of cardholder data on the merchant’s systems or premises.)

With that in mind, Cloud Gateway's approach to PCI compliance is to perform a SAQ-A self assessment each year and we are pleased to confirm that we comply with the Payment Card Industry Data Security Standards PCI DSS v3.2 for Merchants.