“PCI DSS Level 1 certification for our entire portfolio is a decisive milestone for our cybersecurity platform,” says Jens-Philipp Jung, founder and CEO of Link11. “Individual products have already met this standard, and now we are gearing our entire range towards maximum security. For our customers, this means that no matter which solution they use, they can rely on a consistently trustworthy security architecture. This also reinforces our claim to deliver cybersecurity from Europe for Europe that is reliable, trustworthy, and continuously developed.”

This certification was a collaborative project that required close cooperation between various teams. As part of the certification process, which lasted several months, an independent Qualified Security Assessor (QSA) conducted a comprehensive audit. Every element of the company’s environment was thoroughly examined, from firewall configuration and network architecture to access rights, system monitoring, and contracts with external providers.

PCI DSS divides service providers, such as hosting or cybersecurity providers, into two levels based on their annual transaction volume:

• Service Provider Level 1 applies to providers that process 300,000 or more transactions per year. It has the highest requirements. It requires an annual on-site audit, a detailed compliance report, and quarterly external network scans.
• Service Provider Level 2 applies to providers with fewer than 300,000 transactions per year. The requirements here are less stringent. An annual self-assessment questionnaire (SAQ) and regular network scans are usually sufficient; an on-site audit is not mandatory.

Without a certified partner, an online shop must implement numerous technical security measures itself, such as firewalls, encryption, logging, and vulnerability scans, and prove this in an audit. With Link11 as their IT security provider, merchants can outsource many of these controls. This allows them to reduce audit costs and the effort involved in security operations, among other things. Although responsibility for compliance with the regulations remains with the retailer, working with a PCI DSS-certified service provider makes it much easier to provide proof of compliance.

By achieving Level 1, Link11 has positioned itself in the strictest category of service providers to underscore its commitment to data security. The certification is a clear signal to partners and customers that Link11 takes its responsibility for protecting sensitive data very seriously and is continuously improving security.