What is PA-DSS Compliant?
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 13 protections:
1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the internet.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access. Maintain instructional documentation and training programs for customers, resellers, and integrators.
Good For Business
Compliance with the PCI-DSS standard is not only mandatory, it's good for business. It assures your customers that their card information is protected. It also helps to protect your business from a security breach that could damage your relationship with your customers, damage your reputation and result in significant fines.
Which Version(s) of Lightspeed OnSite are Compliant?
Lightspeed OnSite 3.9.0 has been deemed PA-DSS Certified. Current and future releases of Lightspeed OnSite are re-certified after they are released to the public.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI-DSS) is designed to protect the privacy and security of cardholder data and the businesses that process, store or transmit cardholder data. The PCI-DSS is defined by the PCI Security Standards Council, an independent body founded by leading credit and debit card providers.
Any organization that processes, stores or transmits payment card data must be PCI-DSS compliant. That's because when you accept cards for payment, you are also agreeing to take the steps necessary to protect the customer's card data.
Simply put: If you use an integrated payment processor, such as Axia, MerchantWarehouse, or Authorize.net, to authorize and capture credit card transactions in Lightspeed OnSite, the PCI-DSS applies to you.
All merchants using payment cards must periodically validate their PCI-DSS compliance. Compliance can be validated by an auditing firm. Alternatively, a company that processes fewer than 80,000 transactions per year is allowed to complete a self-assessment questionnaire, which determines whether it is in compliance.