PA-DSS certified software from Lightspeed
After an extensive and rigorous certification process, Lightspeed OnSite was deemed PA-DSS Certified by the PCI Standards Council in April 2011.
data that guard against credit card fraud, and is compliant with the Payment Card Industry Data Security Standards (PCI-DSS).
What is PA-DSS Compliant?
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 13 protections:
1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the internet.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access. Maintain instructional documentation and training programs for customers, resellers, and integrators.
Good For Business
Compliance with the PCI-DSS standard is not only mandatory, it's good for business. It assures your customers that their card information is protected. It also helps to protect your business from a security breach that could damage your relationship with your customers, damage your reputation and result in significant fines.
Which Version(s) of Lightspeed OnSite are Compliant?
Lightspeed OnSite 3.9.0 has been deemed PA-DSS Certified. Current and future releases of Lightspeed OnSite are re-certified after they are released to the public.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI-DSS) is designed to protect the privacy and security of cardholder data and the businesses that process, store or transmit cardholder data. The PCI-DSS is defined by the PCI Security Standards Council, an independent body, founded by leading credit and debit card providers.
Any organization that processes, stores or transmits payment card data must be PCI-DSS compliant. That's because when you accept cards for payment, you are also agreeing to take the steps necessary to protect the customer's card data.
Simply put: If you use an integrated payment processor, such as Axia, MerchantWarehouse, or Authorize.net, to authorize and capture credit card transactions in Lightspeed OnSite, the PCI-DSS applies to you.
All merchants using payment cards must periodically validate their PCI-DSS compliance. Compliance can be validated by an auditing firm. Alternatively, a company that processes fewer than 80,000 transactions per year is allowed to complete a self-assessment questionnaire, which determines whether it is in compliance.
How Lightspeed Helps
Lightspeed OnSite has been designed to help you meet PCI-DSS requirements. For example, it does not store sensitive cardholder data and it securely transmits every transaction to all payment gateways.
Nevertheless, it's important to realize that PCI-DSS requires security measures that extend beyond Lightspeed. Protecting sensitive cardholder data takes careful evaluation and management of your entire system and network configuration, including:
Your store network configuration including any remote and/or wireless access.
Anti-virus, firewall and other security applications.
Your Mac OS X operating system configuration and system administrator controls.
Physical access to your Lightspeed OnSite server.
Written policies and procedures.
For more information to ensure that your business meets PCI-DSS requirements, download the Lightspeed PA-DSS Implementation Guide.