What is PCI Compliance?
PCI Compliance is a set of guidelines established to secure credit card data online.
How does ShulNET help you achieve PCI compliance?
- The program generally relies on a payment processor’s tokenization feature to avoid storing sensitive information within the database.
- If your payment processor doesn’t support tokenization, ShulNET will encrypt credit card information within the database. We strongly recommend against this, as it makes PCI compliance difficult.
- If you do store credit cards in the database, ShulNET will only ever display the last four digits of a card number.
- The CVV is NEVER stored.
- You MUST have a proper SSL certificate installed, as credit card transactions must take place over a secure connection.
- We prevent unauthorized access with system abuse checks and by locking out users and administrators after multiple failed login attempts.
- ShulNET has built-in password strength requirements.
- We provide guides on how to create strong and secure passwords.
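The storage rules above (keep the processor token and last four digits, never the full number or the CVV) and a check that the database really contains no full card numbers, as an added illustration in Python; this is example code, not ShulNET's own, and the record layout, field names and the test card number are constructed assumptions:

```python
import re

# A run of 13-19 digits is the shape of a full card number (PAN).
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenized_record(card: dict, processor_token: str) -> dict:
    """Build the only record that should be persisted when the processor
    tokenizes: token, last four digits and expiry. The full number is
    dropped and the CVV is never written (assumed record layout)."""
    pan = re.sub(r"\D", "", card["number"])
    if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
        raise ValueError("not a well-formed card number")
    return {
        "token": processor_token,
        "last4": pan[-4:],
        "exp_month": card["exp_month"],
        "exp_year": card["exp_year"],
    }


def masked_display(record: dict) -> str:
    """What the interface shows: the last four digits only."""
    return "**** **** **** " + record["last4"]


def find_pan_leaks(records) -> list:
    """Scan stored records for anything that still looks like a full card
    number; returns (record index, field name) pairs needing attention."""
    hits = []
    for i, rec in enumerate(records):
        for field, value in rec.items():
            for m in PAN_RE.findall(str(value)):
                if luhn_valid(m):
                    hits.append((i, field))
    return hits


if __name__ == "__main__":
    # Constructed sample input; 4111... is a well-known test number, not a real card.
    submitted = {"number": "4111 1111 1111 1111", "exp_month": 12, "exp_year": 2030, "cvv": "123"}
    stored = tokenized_record(submitted, "tok_constructed_example")
    print(masked_display(stored))
    legacy = {"number": "4111111111111111"}           # a record that was stored wrongly
    print(find_pan_leaks([stored, legacy]))           # flags the legacy record only
```

Run the leak scan over an export of every table that could hold payment data, not just the one you expect.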
Does that make me PCI Compliant?
No, but it does help you get there. PCI Compliance, if you need it, can be a hurdle for many organizations, and unless you have an expert on hand, we strongly urge you to lean on processor technology. Notes on the processor types follow.
All Processor Types Require
- A functional, dedicated SSL certificate
- Strict access controls to sensitive information
- Completion of the PCI compliance self-assessment questionnaire
Full Stack Processors
Achievement Level: Easy
Since all full stack processors tokenize card data and handle PCI compliance on their own servers, you can achieve PCI compliance at limited cost.
Achievement Level: Varies
Depending on whether the payment processor allows tokenization of credit cards, achieving PCI compliance can be as easy as with other processors. If it does not, compliance becomes difficult, because sensitive information would then be stored directly on your server.
Achievement Level: Easiest
Since payment gateways do not interact directly with your website beyond establishing the charge and the payee, all PCI compliance falls within the scope of the payment gateway itself.