Our Level 3 processing solutions have built-in tokenization security. If cardholder data is entered directly into your software application, that application is considered a payment application and falls in scope for PCI. Tokenization (storing customer profiles off-site) is the best practice when designing your card acceptance strategy: it eliminates the risk of exposing the actual sensitive data while making it faster, easier and less expensive to meet quarterly and/or annual PCI compliance requirements.
PCI is short for PCI DSS, which stands for Payment Card Industry Data Security Standard. PCI is the data protection standard for payment card data and defines how that protection should be implemented. In practice, this means that PCI is good not only for protecting card data but also for other payment data, such as bank account information, and any personally identifiable information you may have about your customers and employees. Specifically, PCI prohibits the storage of the full contents of any magnetic-stripe, CVV2 or PIN data. Storage of this type of data is in violation of PCI DSS and the card company operating regulations. PCI DSS also provides security requirements for transmitting card data.
If you accept card payments, the card associations require that all merchants validate PCI DSS compliance. Businesses not in compliance risk compromise and fines, and jeopardize their ability to accept card payments. At a minimum, all businesses accepting card payments should complete the Self-Assessment Questionnaire (SAQ). Once the SAQ is complete, you may find that your business requires vulnerability scanning if you transmit card data over the internet.
Note the SAQ that represents how you accept card payments:
To learn more about PCI and compliance, visit our PCI resource page at http://www.vantagecard.com/pci.
While PCI compliance is a mandated point-in-time measurement of your security readiness, the underlying security requirements must be adhered to on a daily basis. In the event of a data compromise, merchants face significant fees and fines. The PCI DSS Validation does not affect your responsibilities associated with your merchant account in the event of a data compromise.
To keep sensitive data off your network and systems, we recommend that you use a token in place of the original payment data. This is of particular importance in a business-to-business and business-to-government sales environment where repeat and recurring orders are the norm. Use our Secure Checkout feature to avoid becoming the target of data security attacks by getting out of the business of transmitting, processing and storing sensitive card data.
Please contact us with questions about PCI or solutions to safeguard payment data.