What's PCI Compliance?
Overview
- The PCI-SSC (Payment Card Industry-Security Standards Council) formulated security standards for the entire payment card industry (PCI) to increase the security of card holder data as it relates to payment applications (PA-DSS) as well as business practices (PCI-DSS). Each category has its own set of requirements to achieve PCI certification or compliance.
- Stone Edge Version 7.1 uses the Monsoon Commerce Payment Module (MCPM) to process all electronic payment transactions. MCPM has been reviewed by a Qualified Security Assessor (QSA) and was submitted to the PCI-SSC for final certification of PCI compliance in February, 2013.
- More information about using Stone Edge V7.1 and MCPM in a PCI compliant fashion can be found in the Implementation Guide.
- More information about PA-DSS, PCI-DSS and PCI "compliance" can be found at the PCI Security Standards website.
What is PA-DSS (Payment Application - Data Security Standards)?
- Software companies that distribute applications which handle or store card holder information must seek PA-DSS certification from PCI-SSC, indicating to their customers that their software uses the most current security standards set by the PCI-SSC.
- Even once the Monsoon Commerce Payment Module has been certified as PCI compliant, installing and using Stone Edge Version 7.1 and the Monsoon Commerce Payment Module to process your payment transactions is not, by itself, sufficient to make your environment PCI compliant. You must institute all of the measures laid out in the Implementation Guide to be PCI compliant. Refer to https://www.pcisecuritystandards.org for more information.
What is PCI-DSS (Payment Card Industry - Data Security Standards)?
- Businesses that handle or store card holder information must meet PCI-DSS standards to achieve PCI certification or compliance.
- This type of certification indicates that the merchant is applying the most current security practices defined by the PCI-SSC in regard to card holder payment information, and includes:
  - restrictions on employee access to information
  - the type of networks used
  - applications installed (not just Stone Edge)
  - business practices (such as document storage and communications)
  - a variety of other factors that can jeopardize card holder information
Additional Information
PCI Security Standards website
Monsoon Commerce Implementation Guide
Created: 11/11/09
Updated: 2/11/13