Payment Card Industry Data Security Standard (PCI-DSS)
PCI is a mandated set of security standards that were created by the major credit card companies to offer merchants and service providers a complete, unified approach to safeguarding credit card holder information for all credit card brands.
PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debt card, then the PCI DSS requirements apply.
What do our clients have to do in order to satisfy PCI requirements:
- Hosted Clients – Self Assessment Questionnaire 4
- Payment application over Internet, no cardholder data stored on premises
- Desktop Clients – Self Assessment Questionnaire 5
- Payment application hosted locally so cardholder data stored on premises
- QuickStar Only Clients
- While QuickStar is certified, refer clients to "Hosted" or "Desktop" above based on the type of software being used.
How do our clients get compliant?
- Complete Self Assessment Questionnaire
- Engage an approved scanning vendor (ASV) to do quarterly scans.
- Submit attestation of compliance, SAQ, evidence of compliant scan to acquirer (aka, your bank)
PCI Links
- PCI Standards
- PCI Guidelines and FAQ
- Motionsoft Evidence of Certification
- Customer Self Assessment Questionnaire (SAQ)
While the CX Hosted platform is both PCI compliant and certified, Motionsoft will not seek PA-DSS Certification of CX Desktop. Since CX Desktop software received all of the security enhancements in CX Hosted, Motionsoft believes it satisfies the requirements so that clients may seek PCI certification of their end-user environment(s) independent of Motionsoft.
To discuss PCI compliance in more detail with one of our representatives, please fill out the form below:
