RetailCloud adheres to the security standards laid out by the Payment Card Industry Security Standards Council (PCI-SSC) for the Payment Application - Data Security Standards (PA-DSS) for its RetailCloud applications.
About PCI DSS and PA-DSS
The Payment Card Industry Data Security Standard (PCI-DSS), in simplest terms, is the set of security rules established by the payment card industry regarding the protection of cardholder information. It is a program created by the five major credit card companies: Visa, MasterCard, American Express, Discover, and JCB. The program serves as a guideline for retailers processing credit card payments and works to prevent security issues, such as hacking and credit card fraud.
The Payment Application Data Security Standard (PA-DSS), formerly referred to as the Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI-SSC). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS.
The requirements for the Payment Application Data Security Standard (PA-DSS) are derived from the Payment Card Industry Data Security Standard (PCI DSS) Requirements and Security Assessment Procedures. Traditional PCI Data Security Standard compliance may not apply directly to payment application vendors since most vendors do not store, process, or transmit cardholder data. However, since these payment applications are used by merchants to store, process, and transmit cardholder data, and merchants are required to be PCI Data Security Standard compliant, payment applications should facilitate merchants' PCI Data Security Standard compliance.
The objectives of PCI-DSS and PA-DSS are:
How can RetailCloud help merchants with PCI compliance?
RetailCloud considers the protection and integrity of payment information to be of the highest importance and takes the security around this data very seriously. It has taken broad measures to ensure that both the merchant's and the consumer's payment data are protected in accordance with the PCI standards outlined within the PA-DSS.
RetailCloud applications are routinely monitored and validated by Payment Application-Qualified Security Assessors (PA-QSAs) to ensure all payment functionality adheres to the Payment Card Industry Security Standards Council’s requirements. Through the use of RetailCloud, the consumer can rest assured that all appropriate steps and precautions are taken to protect the transmission and storage of their credit card information.
For more information about the PCI Data Security Standard and Payment Application – Data Security Standard, visit http://www.PCIsecuritystandards.org