LightSpeed Pro PCI Compliance
PA-DSS Certified Software
After an extensive and rigorous certification process, Lightspeed OnSite was deemed PA-DSS Certified by the PCI Standards Council in April 2011.
PA-DSS stands for Payment Application Data Security Standard, and certifies that a payment application like Lightspeed OnSite includes 13 key protections for transaction and cardholder data that guard against credit card fraud, and is compliant with the Payment Card Industry Data Security Standards (PCI-DSS).
The bottom line is that we have made the significant investment of time and resources to ensure that Lightspeed OnSite meets the highest standards for data security and fraud protection. Your customer data depends on it.
What is PA-DSS Compliant?
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 13 protections:
- Do not retain full magnetic stripe, card validation code or value, or PIN block data.
- Protect stored cardholder data.
- Provide secure authentication features.
- Log payment application activity.
- Develop secure payment applications.
- Protect wireless transmissions.
- Test payment applications to address vulnerabilities.
- Facilitate secure network implementation.
- Cardholder data must never be stored on a server connected to the internet.
- Facilitate secure remote software updates.
- Facilitate secure remote access to payment application.
- Encrypt sensitive traffic over public networks.
- Encrypt all non-console administrative access.
- Maintain instructional documentation and training programs for customers, resellers, and integrators.
What is PCI-DSS?
The Payment Card Industry Data Security Standard (PCI-DSS) is designed to protect the privacy and security of cardholder data and the businesses that process, store or transmit cardholder data. The PCI-DSS is defined by the PCI Security Standards Council, an independent body, founded by leading credit and debit card providers.
Any organization that processes, stores or transmits payment card data must be PCI-DSS compliant. That's because when you accept cards for payment, you are also agreeing to take the steps necessary to protect the customer's card data.
Simply put: If you use an integrated payment processor, such as Axia, MerchantWarehouse, or Authorize.net, to authorize and capture credit card transactions in Lightspeed OnSite, the PCI-DSS applies to you.
All merchants using payment cards must periodically validate their PCI-DSS compliance. Compliance can be validated by an auditing firm, or, if a company processes fewer than 80,000 transactions per year, by completing a self-assessment questionnaire that determines whether the company is within compliance.
How Lightspeed Helps
Lightspeed OnSite has been designed to help you meet PCI-DSS requirements. For example, it does not store sensitive cardholder data and it securely transmits every transaction to all payment gateways.
Nevertheless, it's important to realize that PCI-DSS requires security measures that extend beyond Lightspeed. Protecting sensitive cardholder data takes careful evaluation and management of your entire system and network configuration, including:
- Your store network configuration including any remote and/or wireless access.
- Anti-virus, firewall and other security applications.
- Your Mac OS X operating system configuration and system administrator controls.
- Physical access to your Lightspeed OnSite server.
- Written policies and procedures.
For more information to ensure that your business meets PCI-DSS requirements, download the Lightspeed PA-DSS Implementation Guide.