What's PCI Compliance?
Overview
- The PCI-SSC (Payment Card Industry-Security Standards Council) formulated security standards for the entire payment card industry (PCI) to increase the security of card holder data as it relates to payment applications (PA-DSS) as well as business practices (PCI-DSS). Each category has its own set of requirements to achieve PCI certification or compliance.
- Monsoon Order Manager Version 8.0 uses the Monsoon Commerce Payment Module (MCPM) to process all electronic payment transactions. MCPM was reviewed by a Qualified Security Assessor (QSA) and received final certification of PCI compliance in February 2013.
- More information about using Monsoon Order Manager 8.0 and MCPM in a PCI compliant fashion can be found in the Implementation Guide.
- More information about PA-DSS, PCI-DSS and PCI "compliance" can be found at the PCI Security Standards website.
What is PA-DSS (Payment Application - Data Security Standards)?
- Software companies that distribute applications which handle or store card holder information must seek PA-DSS certification from PCI-SSC, indicating to their customers that their software uses the most current security standards set by the PCI-SSC.
- Although the Monsoon Commerce Payment Module has been certified as PCI compliant, installing Monsoon Order Manager Version 8.0 and the Monsoon Commerce Payment Module alone is not sufficient to make your environment PCI compliant. You need to institute all of the measures laid out in the Implementation Guide to be PCI compliant. Refer to https://www.pcisecuritystandards.org for more information.
What is PCI-DSS (Payment Card Industry - Data Security Standards)?
- Businesses that handle or store card holder information must meet PCI-DSS standards to achieve PCI certification or compliance.
- This type of certification indicates that the merchant is applying the most current security practices defined by the PCI-SSC in regard to card holder payment information, and includes:
  - restrictions on employee access to information
  - the type of networks used
  - applications installed (not just Monsoon Order Manager)
  - business practices (such as document storage and communications)
  - a variety of other factors that can jeopardize card holder information
Additional Information
PCI Security Standards website
Monsoon Commerce Implementation Guide
Created: 2/11/13
Revised: 12/3/13
Published: 08/19/15