PCI Compliance Protocols
This document explains the PCI compliance protections and protocols in place to ensure the integrity of Stax Connect ISV Partners’ and their sub-merchants’ payment data when using integrated payments.
PCI DSS Compliance Explained
PCI DSS stands for “Payment Card Industry Data Security Standards.” These standards are set by card associations like Visa, Mastercard, and American Express to ensure sensitive payment data is securely processed, transmitted, and stored. The PCI Security Standards Council determines and sets these security standards.
It’s important that service providers comply with PCI standards, as violating them can result in hefty fines. The PCI DSS applies to any business or organization that has anything to do with a cardholder’s data – transmitting, processing, or storing it.
Level 1 PCI Compliance
Stax is a Level 1 PCI Service provider. Level 1 is the highest level of PCI compliance, and protecting sensitive data is a top priority. Level 1 service providers must attain a yearly Report on Compliance from a Qualified Security Assessor (QSA) or Internal Security Assessor after an onsite audit.
End-To-End Encryption and Tokenization
Besides PCI standards, Stax also takes a number of steps to secure cardholder data.
Card information is encrypted on all processing devices and is never stored after the transaction is completed. Stax’s cloud architecture is continuously tested for vulnerabilities to ensure the safety and security of that sensitive data. Additionally, end-to-end encryption is combined with modern tokenization services, which prevents third parties not only from intercepting data in transit but also from reading it if they do.
Customer Data Protection
Stax takes security seriously for all Partners, sub-merchants, and cardholders. As part of Stax’s commitment to its Partners, all of the integrated payments technology is backed by a team of experts. Stax is also a payment facilitator, meaning sub-merchants can be onboarded more quickly with enhanced security for PCI compliance.
Stax only uses PCI and Federal Information Processing Standards (FIPS) approved protocols, including the exclusive use of TLS 1.3. This layered approach to security means sub-merchants can accept and manage payments in one of the industry’s most secure environments.
Fraud Prevention
For both Stax and its Partners, it’s understood that fraud is a common concern. Fraud prevention is an integral part of Stax’s extensive security measures for cardholder data. Stax’s technologies proactively monitor and investigate accounts for any possible unauthorized charges.
All programs are PCI compliant through integrations with financial partners, with “Know Your Customer” (KYC) and Customer Identification Program (CIP) checks to verify merchants, their businesses, and their funding accounts. Stax’s team works tirelessly to monitor and prevent fraud for all Partners, sub-merchants, and cardholders.
The GDPR
The GDPR, or General Data Protection Regulation, is a law passed by the European Union to protect customer data. The law went into effect May 25, 2018, and violation of the GDPR can result in steep penalties. While the GDPR only applies to residents of the EU, Stax has aligned itself with it where appropriate as part of its commitment to transparency, data protection, and accuracy.
Stax is committed to securing sensitive cardholder data. As a Level 1 PCI Service Provider, Stax takes the utmost care in protecting this data. Stax uses a host of security measures to prevent fraud and ensure PCI compliance across all of its services, and works closely with its Partners to ensure everything operates well within PCI standards.