￼After an extensive and rigorous certification process, Lightspeed OnSite ￼was deemed PA-DSS Certified by the PCI Standards Council in April 2011.
PA-DSS stands for Payment Application Data Security Standard, and certifies that a payment application like Lightspeed OnSite includes 13 key protections for transaction and cardholder data that guard against credit card fraud, and is compliant with the Payment Card Industry Data Security Standards (PCI-DSS).
The bottom line is that we have made the significant investment of time and resources to ensure that Lightspeed OnSite meets the highest standards for data security and fraud protection. Your customer data depends on it.
For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 13 protections:
The Payment Card Industry Data Security Standard (PCI-DSS) is designed to protect the privacy and security of cardholder data and the businesses that process, store or transmit cardholder data. The PCI-DSS is defined by the PCI Security Standards Council, an independent body, founded by leading credit and debit card providers.
Any organization that processes, stores or transmits payment card data must be PCI-DSS compliant. That's because when you accept cards for payment, you are also agreeing to take the steps necessary to protect the customer's card data.
Simply put: If you use an integrated payment processor, such as Axia, MerchantWarehouse, or Authorize.net, to authorize and capture credit card transactions in Lightspeed OnSite, the PCI-DSS applies to you.
All merchants using payment cards must periodically validate their PCI-DSS compliance. Compliance can be validated by an auditing firm. Or, if a company processes fewer than 80,000 transactions per year, they are allowed to perform a self-assessment questionnaire, which determines if they are within compliance.
Lightspeed OnSite has been designed to help you meet PCI-DSS requirements. For example, it does not store sensitive cardholder data and it securely transmits every transaction to all payment gateways.
Nevertheless, it’s important to realize that PCI-DSS requirements require security measures that extend beyond Lightspeed. Protecting sensitive cardholder data takes careful evaluation and management of your entire system and network configuration, including:
For more information to ensure that your business meets PCI-DSS requirements, download the Lightspeed PA-DSS Implementation Guide.