PCI Compliance

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in Payment Card Industry Data Security Standards (PCI DSS). These standards set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

The PCI Security Standards Council recommends that companies use a third-party credit card vault and tokenization provider to store sensitive cardholder data. When you use a vault, the card data is removed from your possession and you are given back a "token" or reference number that can be used for authorizations. By using a third party, you move the risk of storing card data to someone who specializes in doing that and has all of the security controls in place to keep the card data safe.

PointForce Enterprise is PCI compliant provided you select the Use Only Token EFTs option in the EFT section of the CC00/Accounts Receivable folder, which ensures that all credit card transactions are processed using a token or a reference number.

If companies need to store the card data themselves, the bar for self-assessment is very high, and they may need to have a Qualified Security Assessor (QSA) come on-site and perform an audit to ensure that they have all of the controls in place necessary to meet the PCI DSS specifications.
