Here is what you need to know about the new PCI compliance standard when choosing a solution partner:
First, see below definitions to know what we’re talking about (like we need more acronyms in this business right?)
PCI = Payment Card Industry
PA = Payment Application
DSS = Data Security Standard
These standards were actually created by the various payment card providers like Visa, MasterCard and American Express. PCI casts a very broad net; it includes the card providers, gateways, merchants, banks and applications. PA is any software or hardware solution that passes or reads/stores sensitive data. DSS is the standard the hardware and software solution providers must write their code and encryption levels to.
For us selling and purchasing solutions that store or transmit sensitive data, when a customer asks if your solution have PCI Compliance, they mean is your solution PADSS Certified? Only a Payment Application (PA) that is Data Security Standard (DSS) certified can be compliant. This certification can only be earned after engaging a qualified firm and passing a stringent audit process. Many end users are not even considering a solution that is not certified.
The reason is that for a business to be PCI compliant – using PADSS certified solutions is only a piece of the compliance pie – but a very necessary piece. Network firewalls, database encryption, updated antivirus software and passing security scans (for eCommerce) are some other qualifications.
CitiXsys solutions; iCharge and iVend are PADSS certified and become a valuable part of the PCI compliant path for end users. So next time a customer asks if your solution is PCI compliant you can confidently say “yes we are a certified application”.