All software and systems that touch credit cardholder data are subject to PCI Compliance
When you accept, process or transmit credit cards, you are required to meet the Payment Card Industry (PCI) Data Security Standards (DSS). The PCI Security Standards Council has different requirements based on the different ways credit cards are accepted. These standards apply to websites, portals, applications and infrastructure that touch cardholder data.
Maintaining PCI compliance is expensive and time-consuming. Maintaining PCI compliance is the responsibility of all parties involved: vendor, hosting provider and merchant.
- Software Vendor: Pay expensive annual assessments with a PCI QSA (Qualified Security Assessor) and implement onerous security requirements for the application that change over time.
- Hosting Provider: Whoever is hosting the software must implement PCI requirements, which are difficult to implement and maintain.
InstaMed is a PCI-DSS Level One v4.0 Service Provider that can significantly reduce your PCI burden. See InstaMed’s recommended PCI Compliant Options to avoid touching cardholder data and reduce your security and compliance costs and effort.
Download the white paper by Coalfire for a comprehensive review of InstaMed’s PCI reduction capabilities.