Important information © Hypercom EMEA Ltd. 2011 15
12. Encrypt sensitive traffic over public networks
Transactions sent over network connections are always encrypted by
the payment application using Secure Socket Layer (SSL) technology.
You may engage your business with 3rd party agents that provide
services that are part of your overall payment process e.g. shopping
cart providers, web design firms (often referred to as Common Points
of Service or CPS). Agents acting as a CPS must be compliant with PCI
DSS and must be registered with the Card Schemes. Refer to
www.cpsregistration.org for more information about CPS registration.
You must never communicate sensitive cardholder data by any means
unless it is encrypted. Hypercom will never request such data from
you. Sensitive cardholder data means:
the Card Number (often known as Primary Account Number or
PAN),
the Cardholder Name, the card Expiration Date,
the card CV2 number (the last three digits printed on the card
signature strip, or for American Express, the four digit value
printed on the front of the card),
The Hypercom helpdesk may request the first six digits of a card num-
ber from you to assist with troubleshooting a problem, and you should
provide the first six digits and the card issuer when requested; this
allows the Hypercom helpdesk to assist troubleshooting any problem.
13. Encrypt all non-console administrative access
This is not applicable to the Hypercom payment application
14. Maintain instructional documentation/training programs for customers,
resellers, and integrators
As well as the information in this user manual, Hypercom will make
available to you via its website www.hypercom.com further infor-
mation regarding PCI DSS compliance.
To Next Page
Loading...