
What is PCI Compliance?

PCI, or PCI DSS to be exact, is short for the Payment Card Industry Data Security Standard. It is a set of rules for handling credit card transactions that applies to companies of any size that accept credit card payments. For any business that handles credit card payments, adhering to these standards is necessary. Giving credit card data to handlers that don't follow PCI compliance can be a dangerous practice and put sensitive information into the wrong hands. If you would like to learn more about the specifics of what PCI compliance is, this Wikipedia article has some good information as well as some useful references.

AdSystem and PCI Compliance

To meet PCI Compliance standards with AdSystem, you must do 3 things:

  1. Use AdSystem Online or AdSystem 6 (if self-hosted).
  2. Use the optional Credit Card Module.
  3. Use a tokenizing processor to securely transmit credit card info.

Older versions (v. 5.0 and lower) of AdSystem are probably NOT PCI compliant. If you are using a self-hosted version of AdSystem, it can only be PCI compliant if it is AdSystem 6 and follows steps #2 and #3 above.

AdSystem Online and Tokenization

AdSystem Online can be PCI compliant if you are using the optional Credit Card Module and use a tokenizing processor to transmit credit card data. Tokenization is a process that controls how credit card data is transmitted and stored. Here's how it works: when credit card information is entered into AdSystem Online, it is passed to a credit card processor to be stored, and in turn, AdSystem receives a token from the processor. A token is like an electronic key that is used whenever the credit card information needs to be accessed. This means that all of the credit card information is securely stored by the processor, but you can still have access to it when needed. This practice meets the latest PCI compliance standards.
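The flow described above, as an added sketch that is not AdSystem's or any processor's code: `ProcessorVault`, `MerchantSystem` and `find_pan_leaks` are hypothetical names, and the card number is a constructed test value. It shows the property to verify in any tokenized setup, namely that the merchant-side records hold a token and the last four digits but never the full card number.

```python
import secrets

class ProcessorVault:
    """Stand-in for the tokenizing processor (hypothetical, not a real processor API)."""
    def __init__(self):
        self._cards = {}  # token -> card data, held only on the processor side

    def tokenize(self, pan, expiry):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._cards[token] = (pan, expiry)
        return token

    def charge(self, token, cents):
        if token not in self._cards:
            return {"approved": False, "reason": "unknown token"}
        pan, _ = self._cards[token]
        return {"approved": True, "amount": cents, "last4": pan[-4:]}

class MerchantSystem:
    """Stand-in for the ad system side: keeps the token and last four digits only."""
    def __init__(self, vault):
        self.vault = vault
        self.customers = {}

    def add_card(self, customer, pan, expiry):
        token = self.vault.tokenize(pan, expiry)  # PAN passes through, is never stored
        self.customers[customer] = {"token": token, "last4": pan[-4:]}

    def bill(self, customer, cents):
        return self.vault.charge(self.customers[customer]["token"], cents)

    def stored_values(self):
        return [v for rec in self.customers.values() for v in rec.values()]

def find_pan_leaks(values, pan):
    """Return stored values that contain the full card number (should be none)."""
    return [v for v in values if pan in str(v)]

TEST_PAN = "4111111111111111"  # constructed sample input, not a real card

def demo():
    shop = MerchantSystem(ProcessorVault())
    shop.add_card("acme", TEST_PAN, "12/30")
    return shop, shop.bill("acme", 2500)

if __name__ == "__main__":
    shop, receipt = demo()
    print(receipt, find_pan_leaks(shop.stored_values(), TEST_PAN))
```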

Here is the current list of tokenizing processors supported by the Credit Card Module:

  • Authorize.NET AIM XML API
  • Bank of America (via TransArmor)
  • BASYS
  • CyberSource
  • FirstDataE4 (via TransArmor)
  • Heartland
  • Global Payroll
  • Orbital
  • PayFlow Pro
  • PayWiser
  • PhoeniXGate
  • Repay
  • SagePay
  • Stripe
  • Worldpay Online

TLS Protocols

As of June 30, 2018, many processors disabled old TLS and SSL protocols and replaced them with TLS 1.2. TLS is a cryptographic protocol used to secure communications between two endpoints. It is used to authenticate both endpoints and ensure that information is protected as it passes between the two. AdSystem Online uses the most recent TLS 1.2 to ensure that credit card information and tokens are protected as they are passed between the Credit Card Module and processors.
