This guide will explain how IQ Pay is PCI compliant.
PCI data security standard overview
PCI DSS is the global security standard for all businesses that store, process, or transmit cardholder data or sensitive authentication data. PCI DSS sets standard rules for payments and helps reduce fraud and data breaches across the entire payment ecosystem. It applies to any organization that accepts or processes credit card payments.
How are we PCI compliant?
IQ Payments uses multiple payment processor platforms that are fully PCI compliant. These platforms extend their PCI compliance to the solutions built on them by prescribing and ensuring that sensitive credit card data is not handled directly. The payment processors securely accept and store the data, eliminating considerable complexity. In simple terms, IQ Pay will never see and will never have access to unencrypted cardholder data. The cardholder data never enters IQ Pay’s cloud systems. The data is protected by point-to-point encryption between the payment processor platform and the customer’s site. This is true for both card-present and card-not-present transactions. Payment processors provide encrypted tokens so IQ Pay can associate the cardholder data with each customer.
- We have completed a self-assessment questionnaire (SAQ), which has been submitted, reviewed, and accepted by our main payment processors.
- Our compliance team has also reviewed their AoC (Attestation of Compliance) and is satisfied that all our payment processors are indeed PCI compliant.
What should you do?
As a business owner, since you accept credit card payments on your website, your app, or in your physical store, you are not entirely removed from the PCI scope. You need to cover certain aspects of compliance; that is, you must ensure certain protocols are followed to avoid any security mishaps with customer data, such as:
Maintain an information security policy
Maintain the best security management practices to address any leakage of cardholder information, including mishandling of credit card data in situations like:
- Taking cards and writing down card numbers on paper or in an Excel file.
- Making photocopies of the card data.
- Entering card data into the address field on a customer's profile in SalonIQ.
Secure network and systems
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Install and update security applications regularly
- Protect all systems against malware and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
Conclusion:
Using IQ Pay provides the best security for your daily business transactions. However, as a business owner handling payments every day, you must practice stringent security measures to protect cardholder information. A consequence of not following such steps is damage to your brand reputation, and the business might have to pay hefty penalties if a data breach were to affect any customer's payment card data.
If you have any questions regarding PCI compliance by SalonIQ or our partners, please contact us at help@saloniq.com and we will be happy to assist you.