Payment Card Industry Data Security Standard (PCI DSS) refers to the global information standard set by the payment card industry to assist with the prevention of payment card fraud.
To achieve compliance, a company must successfully demonstrate it has met stringent measures in enforcing the data security of the companies with which it conducts business.
Our secure payment gateways enable our customers to process card payments in a PCI-compliant way, thereby benefiting from a safe and completely secure method of storing and processing credit card transactions.
In response to the growing threat of improper use of credit cards, the payment card industry formed the PCI Security Standards Council. The council has developed a set of standards (PCI DSS) for anyone who stores, processes or transmits credit card data. The primary goal of the council and the purpose of the DSS is to protect cardholder data.
There are two elements of PCI that may relate to RMS customers where they accept credit cards as a form of payment.
1. The Payment Card Industry Data Security Standard (PCI DSS) - This standard stipulates the conditions under which credit card data can be processed, stored and transmitted in a way that complies with the agreement between the card issuers, the bank, and the merchant. The PCI DSS details all aspects of business practice including policies, security, devices such as credit card processing terminals and the environment in which they operate. Regardless of any business information software in use, such as RMS, the merchant is obliged to comply with the standard. An example of not complying with the standard might include the practice of recording credit card details in a book that is left in an open drawer.
2. The Payment Application Data Security Standard (PA DSS) - This is a standard for a software or hardware payment application that stores, processes or transmits credit card data. A property management system such as RMS is deemed to be a payment application if it stores, processes or transmits credit card data.
Instances of RMS that store credit card details are not PA DSS compliant. However, RMS can be configured and supplied in such a way that it is impossible to store credit card details in any part of the system. When configured this way, it also cannot process or transmit card data. Furthermore, such instances of RMS cannot be reconfigured by the user after installation to allow the storage of credit card details.
By definition of the PA DSS, any application that does not store, process or transmit credit card data is out of the scope of PA DSS and is not required to comply. Customers who are seeking to establish a business environment that complies with the PCI DSS should consider using a version of RMS which has had the ability to store, process and transmit credit card data disabled. Using the non-payment-application version of RMS forms a significant part of operating a PCI DSS-compliant business environment.
Certificates of Compliance
- PCI-DSS Certificate of Compliance 2019
- PCI-DSS Certificate of Compliance 2018
- PCI-DSS Certificate of Compliance 2017
- PCI-DSS Certificate of Compliance 2016
- PCI-DSS Certificate of Compliance 2015
- PCI-DSS Certificate of Compliance 2014
- PCI-DSS Certificate of Compliance 2013
- PCI-DSS Certificate of Compliance 2012