PCI Compliance
Written by Samantha Prosser
Updated over a week ago

What is PCI compliance?

Back in 2006, the Payment Card Industry Security Standards Council (PCI SSC) came up with a set of requirements to help protect against card payment fraud and to set standards for storing credit card information securely.

These rules, called the Payment Card Industry Data Security Standard (PCI DSS), are the backbone of any card processing company's security standards for how it manages credit card information and keeps it safe. Read more about how this relates to QuickBooks here.

So what does this mean?

Put simply, it means that when a customer's or member's card is being processed, it should be done securely, not written down on a post-it note and charged later at a more convenient time; that would not comply with PCI standards. It also means that you as a company are doing your due diligence when handling card information.

How does this relate to Novi AMS?

Novi's PCI compliance lies in how we connect to your card processor. Novi connects with multiple payment providers (such as QuickBooks Payments or Stripe) for processing credit card payments, and all connections are fully PCI compliant. This means that while Novi facilitates the transaction, your member's credit card data is never even on our servers. We immediately send the card details to the credit card processor, which tokenizes them (encrypted code) and sends the token back to us so that we can securely identify that card moving forward.

What's your role?

Every payment processor has its own standards for PCI compliance. You as an organization are contracted with the payment processor (QuickBooks Payments or Stripe) and will need to look at their specific details to see how you should be handling card processes.

If you would like to read more about how you can make sure your company is doing its due diligence, feel free to check out more info on the PCI website. We encourage you to reach out to your CPA if you have additional questions about PCI compliance and how it relates to your organization.
