PA DSS is a standard for software developers and applies to the methods used for storing, transmitting, and processing credit card information. It is meant to ensure the software you use will work in tandem with the PCI requirements. PayStream has been certified as PA DSS compliant when using the PAYware Connect gateway.
The council's main objective was to eliminate the possibility of someone fraudulently obtaining your customers' credit card information. By following the PCI requirements you are limiting the chance that someone will be able to access your sensitive data. Merchants whose data is compromised are faced with fines, fees, and possibly the loss of their right to process credit cards.
PCI DSS applies to all entities that store, process, and/or transmit cardholder data. Basically, if you accept credit cards, it applies to you.
There are different levels of merchants depending on the number of transactions you process. The requirements for each of these levels vary. You can see those levels here. The majority of POSIM users will fall into level 4, which means your validation requirements are set by your processor. The main requirement enforced is that you must use a PA DSS (Payment Application Data Security Standards) certified solution.
PayStream has been certified as PA DSS compliant. It is listed on Visa's web site as a Validated Payment Application. You can rest assured when applying for a merchant account that PayStream is a valid option to help you obtain your own PCI certification.
PCI applies to you whether you are using a Point of Sale software solution to process credit cards, or a separate credit card terminal that sits on the counter.
For more information call POS•IM at (801) 546-1616
PA-DSS is a standard for software developers and applies to the methods used for storing, transmitting, and processing credit card information. POS•IM has been certified as PABP compliant. PABP was the original standard, and has since been changed to PA-DSS. We are grandfathered under PABP compliancy to qualify for PA-DSS also.
Using PA DSS standards ensures the software will assist the end user in becoming PCI compliant. The software has also been tested by a Payment Application Qualified Security Assessor (PA-QSA) for vulnerabilities. Card brands (Visa, MasterCard, Discover, AMEX, etc.) encourage you to use a PA-DSS solution because such solutions have been tested and lessen your risk of data theft.
PayStream is also programmed to either STORE or NOT STORE credit card data. You get to choose whether or not you want to have the data stored. If you choose not to store credit card data you will lessen the number of PCI requirements you must fulfill.
Keep in mind that while PayStream will help you cover some of the PCI requirements, it alone will not make you PCI compliant. BUT… it's a good starting point, and depending on your acquirer (the company who boards your merchant account) and PCI deadlines it may also be a necessary one.
It really depends on your acquirer (the company who holds your merchant account). For POSIM users your acquirer is likely to be National Merchant Alliance (NMA). You can contact them to see what they require of you. Mainly, you will probably be required to use a PA DSS certified solution.
PayStream has been PA DSS certified to safeguard customer information by encrypting it. POSIM EVO, Diamond, and Premier do not actually store or process credit card information and do not have those safeguards in place. PayStream is a free upgrade to all POSIM Charge users; however, it was certified with a different gateway (secure Internet portal) and requires you to switch to PAYware Connect. Contact your local sales rep or POSIM for more information on upgrading, or purchasing PayStream.
We spent A LOT of money creating PayStream so our users would have a PCI compatible solution. The PCI Security Standards page requires a membership (that was not included with our certification) and is expensive. You can see the certificate on our web site, and that's good enough for us!
You have the power to store credit card data securely in PayStream, but you also have the PCI responsibilities that come with storing credit card data. If you are ever faced with a "Self Assessment Questionnaire" (SAQ) from your acquirer (the company who allows you to process credit cards), then you will understand why the option exists. If you are storing credit card data then you will use SAQ D, which requires all PCI steps be met. If you are NOT storing credit card data then you will use SAQ C, which has fewer requirements.
We provide both options. You can choose what works best in your situation.
See the PCI Security Standards web site for more information on Self Assessment Questionnaires.