What's PCI Compliance?
Overview
- The PCI-SSC (Payment Card Industry-Security Standards Council) formulated security standards for the entire payment card industry (PCI) to increase the security of card holder data as it relates to payment applications (PA-DSS) as well as business practices (PCI-DSS). Each category has its own set of requirements to achieve PCI certification or compliance.
- SEOM 7.1 and greater uses the Monsoon Commerce Payment Module (MCPM) to process all electronic payment transactions. MCPM has been reviewed by a Qualified Security Assessor (QSA) and was submitted to and certified by the PCI-SSC in 2013.
- More information about using SEOM and MCPM in a PCI compliant fashion can be found in the Implementation Guide.
- More information about PA-DSS, PCI-DSS and PCI "compliance" can be found at the PCI Security Standards website.
What is PA-DSS (Payment Application - Data Security Standards)?
- Software companies that distribute applications which handle or store card holder information must seek PA-DSS certification from PCI-SSC, indicating to their customers that their software uses the most current security standards set by the PCI-SSC.
- Although the Monsoon Commerce Payment Module is certified as PA-DSS compliant, installing and using SEOM/MCPM to process your payment transactions in and of itself is not sufficient to make your environment PCI compliant. You need to institute all of the measures laid out in the Implementation Guide to be PCI compliant. Refer to https://www.pcisecuritystandards.org for more information.
What is PCI-DSS (Payment Card Industry - Data Security Standards)?
Businesses that handle or store card holder information must meet PCI-DSS standards to achieve PCI certification or compliance.
This type of certification indicates that the merchant is applying the most current security practices defined by the PCI-SSC in regard to card holder payment information, and includes:
- restrictions on employee access to information
- the type of networks used
- applications installed (not just SEOM)
- business practices (such as document storage and communications)
- a variety of other factors that can jeopardize card holder information
Additional Information
- PCI Security Standards website
- Monsoon Commerce Implementation Guide
Created: 2/11/13
Revised: 2/3/15
Published: 04/13/16