PCI DSS Standard | HolestPay

Standard Version 4.0.1

PCI DSS Standard – Why is it Essential?

In the era of modern digital commerce, where payment transactions are processed in milliseconds, the security of payment card data is an absolute imperative. HOLEST E-COMMERCE DOO, a leader in providing innovative online payment solutions, implements the world’s most stringent security protocols through its HolestPay system. The central pillar of this protection is PCI DSS (Payment Card Industry Data Security Standard), a globally recognized set of regulations that ensures the integrity of every bit of data.

IMPORTANT NOTE: The PCI DSS certificate for our company is issued exclusively by an authorized QSA (Qualified Security Assessor) firm. This certificate is the result of a rigorous, independent external audit. It guarantees that our network architecture, operational procedures, and software engineering have passed the most detailed inspections by independent experts, eliminating any subjectivity in the security assessment.

Certification Rigor and the Transition to Version 4.0.1

Obtaining compliance status from a renowned QSA firm, in our case 7Security GmbH, is not a one-time event but a continuous process of proving excellence. The annual audit involves a comprehensive analysis including penetration tests, quarterly network vulnerability scans, and detailed inspection of access logs.

The HolestPay system currently operates in accordance with version 4.0.1, which brought significant changes compared to previous iterations. The focus has shifted from periodic controls to “continuous security.” This involves real-time automated threat detection systems, even stricter isolation of the network segments that contain cardholder data (the CDE – Cardholder Data Environment), and the implementation of advanced cryptographic key management methods.

The Twelve Fundamental Requirements of Protection

The audit conducted by the QSA firm confirms that HolestPay meets all 12 basic pillars of the PCI DSS standard:

1. Secure Network Architecture: Maintaining firewall configurations that protect cardholder data from the outside world.

2. Secure Parameters: Strict system control without the use of vendor-supplied default passwords or settings.

3. Protection of Stored Data: The PAN (Primary Account Number) is encrypted with strong algorithms, making it completely unusable without authorized access.

4. Encryption in Transit: Protecting data while it travels over public networks using TLS 1.2 or higher.

5. Malware Defense: Use of state-of-the-art systems for detecting and removing viruses and spyware.

6. Secure Code Development: Implementation of security checks in every phase of the software development lifecycle.

7. Principle of Least Privilege: Restricting access to sensitive data exclusively to personnel for whom it is absolutely necessary.

8. Unique ID and MFA: Every system access requires multi-factor authentication and leaves an indelible audit trail.

Complete Elimination of Anonymous Data Misuse

The primary goal of the rigorous inspection conducted by 7Security GmbH is to prevent any anonymous misuse of data. In digital crime, attackers target poorly protected systems to extract card data unnoticed and then use it for illegal gain on the black market or for unauthorized purchases of goods and services.

Within the HolestPay system, every illegitimate access attempt is immediately detected and isolated. Thanks to tokenization, actual card data is replaced with a unique, unusable string of characters. Even in the theoretical case of interception, an attacker would receive only “digital waste” which, without our isolated security modules, has no market or practical value. This directly renders attack attempts meaningless: the perpetrators lose their anonymity, and profit becomes unattainable.

Sharing AoC Documentation and Partner Responsibility

As a result of a successful audit, our QSA firm issues us the AoC (Attestation of Compliance) document. This document is the official proof that HolestPay has passed all security tests. In accordance with international standards, we share the AoC with other certified entities in the payment chain, ensuring its integrity all the way from the point of sale to the card-issuing bank.

Clients using our payment methods that involve the transmission or storage of card data have the right to request access to our current certificate. This is of vital importance for your business, as using a certified system reduces your own audit scope (PCI scope) and ensures the trust of your end customers.

HolestPAY SANDBOX:
https://sandbox.pay.holest.com

All available methods can be tried immediately in SANDBOX mode. For most methods (payment/shipping/fiscal), the default parameters can be used for testing if you do not yet have official test parameters from the bank, national tax office, courier service…