PCI-DSS Compliance
Introduction
AppXite Platform supports various features designed to help our partners manage their subscription-based business. One such feature is the ability to smooth the customer payment experience by enabling payment card transactions.
For that reason, AppXite Platform is integrated with the leading PCI-DSS Level 1 service providers that adhere to the highest level of cardholder data protection standards.
What is PCI-DSS?
Payment Card Industry Data Security Standard (PCI-DSS) is the global security standard introduced by the PCI Security Standards Council. It is applicable to all entities that store, process or transmit cardholder data and/or sensitive authentication data. PCI DSS encompasses a set of requirements for protecting cardholder data across the entire payment ecosystem.
PCI Requirements
According to the latest PCI DSS version 3.2.1, there are 12 main requirements, which include over 270 sub-requirements.
Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open or public networks.
Maintain a Vulnerability Management Programme
- Protect all systems against malware and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know.
- Identify and authenticate access to system components.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel.
AppXite PCI-DSS Compliance
AppXite is a Level 4 PCI-DSS compliant merchant that has outsourced all cardholder data functions to a PCI DSS compliant third-party service provider. AppXite Platform allows customers to link their payment provider accounts with the Platform to enable payment card transactions. All the information required for enabling the payment service within AppXite Platform is encrypted and handled according to the PCI-DSS controls.
Once the payment account is connected to the AppXite Platform, customers may select “Payment Card” as their method of payment and assign a credit card. Our PCI-DSS compliant integration with the selected payment provider ensures that all cardholder data is transmitted directly to the payment provider, bypassing AppXite’s systems and hardware.
As a result, AppXite does not store, process, or transmit any cardholder data on our systems or premises. For more information on how to enable payment by card, please visit “How to enable payments via Credit Card?”
Annual Validation. AppXite validates PCI DSS compliance on an annual basis. Our latest Attestation of Compliance (“AoC”) is available upon request.