MaxQ Charge It! and PA-DSS Requirements

MaxQ Charge It! is designed to meet the Payment Applications Data Security Standards (PA-DSS). In order to be PCI compliant, most merchants need to use payment applications which meet these PA-DSS requirements.

The following security features have been built into MaxQ Charge It!

Strong encryption

Users have the option to not store CVV/CVV2/CVC2/CID data

Purging of credit card and transaction data is allowed

If properly configured, an audit trail of all user actions is kept

Charge It!  supports the following types of encryption

SQL Server Encryption

AES 256‐bit encryption is used for SQL Server 2005 or later and SQL Server is installed on a machine running Windows Server 2003 or later.

Triple DES encryption is used for  SQL Server 2005 or later and SQL Server is installed on a machine running a Windows version earlier than Windows Server 2003.

Users need to be on Charge It! versions 7.4.0/8.1.0 (or later), in order to utilize the latest security features of the application.  Charge It! security features were created based on requirements from PA-DSS v1.1, which is issued by the PCI Security Standards Council.


Before You Select A Credit Card Processing Solution

Before using MaxQ Charge It! customers should ensure that their corporate platform and environment is configured to meet the requirements of PA-DSS.  We’ve included several requirements here, however you should confer with your payment processing vendor for additional updates and requirements.

  • Install and maintain a working firewall to protect data
  • Keep security patches up-to-date
  • Protect stored data
  • Encrypt data sent across public networks
  • Use and regularly update anti-virus software
  • Restrict access by “need to know”
  • Assign unique ID to each person with computer access
  • Don’t use vendor-supplied defaults for passwords and security parameters
  • Track all access to data by unique ID
  • Regularly test security systems and processes
  • Implement and maintain an information security policy
  • Restrict physical access to data