Doug Payne, Chief Information Officer, Massage Envy Corporation
PCI DSS (Payment Card Industry Data Security Standard) requires merchants, banks, processors – anyone who handles payment card data – to protect cardholder data from a rising tide of hackers and data thieves. PCI DSS imposes a series of requirements ranging from not storing sensitive customer data at the merchant's site to the need to encrypt any such data being sent over public networks. Failure to comply can expose a merchant to liability, fines and penalties of up to $500,000 and potential business-crippling expulsion from credit card processing.
While PCI DSS applies to merchants, a separate standard called PA-DSS (Payment Application Data Security Standard) applies to software providers whose applications handle payment card data. PA-DSS, formerly called PABP (Payment Application Best Practices), requires software providers to develop applications that support the PCI DSS requirements. As early as this fall, the PCI Security Standards Council will issue a list of PA-DSS-compliant applications.
Not being on that list could mean damage to a software provider's brand, financial liability or – perhaps worst – a loss of sales to merchants for whom PCI DSS compliance is essential.
The experts at Element understand the ins and outs of PCI DSS requirements and sit on the PCI Security Standards Council. Integrating your software with the Element Express Processing Platform allows you to easily comply with PCI DSS, and gives you peace of mind knowing that security is our priority.