Staying PCI Compliant with Jacktrade Billing

To maintain PCI compliance, Jacktrade Billing never stores credit card information before, during, or after payment method collection. Instead, the payment card information is transmitted through a unique token to payment processors and linked to the customer's Personal Account Number. The token allows for the storage and modification of payment card information without storing the actual card details, so the token itself is useless in the event of a data breach. The payment method record includes the payment processor token, name on the card, last four digits of the card number, card type, and expiration month and year.

During payment processing, Jacktrade passes the token to the payment gateway, which routes it to the credit card provider to accept or decline the transaction. The payment authorization and token are then routed back to the payment gateway, which provides Jacktrade with a successful or unsuccessful response. All communication through the Jacktrade API is encrypted and secure.

To maintain PCI compliance, it's important to avoid storing credit card information within Jacktrade or any system not designed to store it. Saving payment methods while triggers are disabled can also bypass PCI compliance validations. If a payment method is created with a CVV value and full credit card number, only the last four digits of the card number are stored, and the CVV is not saved. Editing a payment method with a populated CVV field will result in a save failure, and the CVV field should be emptied before saving.

When migrating customers into Jacktrade Billing, it's crucial to ensure payment card information is migrated in a PCI-compliant manner. Customers may need to work with their payment processors to regenerate tokens that will be valid with Jacktrade.
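The create and edit rules described above, together with a pre-migration scan that flags rows still carrying a CVV or a Luhn-valid card number, as an added example (not Jacktrade's code). Field names such as `card_number`, `cvv` and `notes` are assumptions.

```python
import re

# Fields the page lists for a stored payment method; key names are hypothetical.
ALLOWED = ("token", "name_on_card", "last4", "card_type", "exp_month", "exp_year")
PAN_LIKE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
# Constructed migration row: 4111... is a public test number, not a real card.
SAMPLE_ROW = {"token": "tok_constructed", "notes": "card 4111-1111-1111-1111", "cvv": "123"}


def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def create_payment_method(submitted):
    """Create: keep only the last four digits and never persist the CVV."""
    record = {k: submitted[k] for k in ALLOWED if k in submitted}
    number = re.sub(r"\D", "", str(submitted.get("card_number", "")))
    if number:
        record["last4"] = number[-4:]
    return record


def edit_payment_method(record, changes):
    """Edit: a populated CVV field makes the save fail."""
    if changes.get("cvv"):
        raise ValueError("empty the CVV field before saving")
    return {**record, **{k: v for k, v in changes.items() if k in ALLOWED}}


def find_card_data(record):
    """Names of fields that hold a CVV or a Luhn-valid card number."""
    hits = []
    for field, value in record.items():
        if field == "cvv":
            if value:
                hits.append(field)
            continue
        for match in PAN_LIKE.finditer(str(value)):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                hits.append(field)
                break
    return hits
```

Running `find_card_data` over each row before import shows which fields need to be cleared or re-tokenized with the payment processor first.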


Maintaining PCI compliance is crucial for Jacktrade Billing. The following steps are taken to ensure compliance:

  • Credit card information is never stored before, during, or after payment method collection.
  • Payment card information is transmitted through a unique token to payment processors, and linked to the customer's Personal Account Number.
  • Payment methods only contain the payment processor token, name on the card, last four digits of the card number, card type, and expiration month and year.
  • Tokens allow for the storage and modification of payment card information without storing the actual card details.
  • Tokens are useless in the event of a data breach, as they only work with the original merchant and payment processor.
  • During payment processing, Jacktrade passes the token to the payment gateway, which routes it to the credit card provider to accept or decline the transaction.
  • All communication through the Jacktrade API is encrypted and secure.
  • It's important to avoid storing credit card information within Jacktrade or any system not designed to store it to maintain PCI compliance.
  • Saving payment methods while triggers are disabled can also bypass PCI compliance validations.
  • If a payment method is created with a CVV value and full credit card number, only the last four digits of the card number are stored, and the CVV is not saved.
  • Editing a payment method with a populated CVV field will result in a save failure, and the CVV field should be emptied before saving.
  • When migrating customers into Jacktrade Billing, payment card information must be migrated in a PCI-compliant manner.
  • Customers may need to work with their payment processors to regenerate tokens that will be valid with Jacktrade.
