PCI Overview:
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council -- American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. -- to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.
The Priority point of sale application and the retail Head-Office module are fully compliant with the PCI Security Standards Council requirements. This is accomplished in two phases, as follows:
Phase 1:
The point of sale application does not store any sensitive credit card information or transaction data that are subject to tampering by unauthorized parties, as per the PCI standards. The Head-Office module thus receives only non-sensitive transaction data from the POS, and is therefore up to date with the standard first phase of PCI DSS compliance.
Phase 2:
The entire credit card transaction is extracted from the POS to a secured credit card processing device, which is one of the following (subject to the merchant's discretion):
► A stand-alone credit card terminal with a minimal required interface to the POS
► A remote credit card processing server, using the MPI interface on the POS