MaxQ Charge It! and PA-DSS Requirements
MaxQ Charge It! is designed to meet the Payment Applications Data Security Standards (PA-DSS). In order to be PCI compliant, most merchants need to use payment applications which meet these PA-DSS requirements.
The following security features have been built into MaxQ Charge It!
Strong encryption
Users have the option to not store CVV/CVV2/CVC2/CID data
Purging of credit card and transaction data is allowed
If properly configured, an audit trail of all user actions is kept
Charge It! supports the following types of encryption
SQL Server Encryption
AES 256‐bit encryption is used for SQL Server 2005 or later and SQL Server is installed on a machine running Windows Server 2003 or later.
Triple DES encryption is used for SQL Server 2005 or later and SQL Server is installed on a machine running a Windows version earlier than Windows Server 2003.
Users need to be on Charge It! versions 7.4.0/8.1.0 (or later), in order to utilize the latest security features of the application. Charge It! security features were created based on requirements from PA-DSS v1.1, which is issued by the PCI Security Standards Council.
Before You Select A Credit Card Processing Solution
Before using MaxQ Charge It! customers should ensure that their corporate platform and environment is configured to meet the requirements of PA-DSS. We’ve included several requirements here, however you should confer with your payment processing vendor for additional updates and requirements.
- Install and maintain a working firewall to protect data
- Keep security patches up-to-date
- Protect stored data
- Encrypt data sent across public networks
- Use and regularly update anti-virus software
- Restrict access by “need to know”
- Assign unique ID to each person with computer access
- Don’t use vendor-supplied defaults for passwords and security parameters
- Track all access to data by unique ID
- Regularly test security systems and processes
- Implement and maintain an information security policy
- Restrict physical access to data