Data Security Standard (PCI DSS) Advice
The Spire Payments SP terminal family contains a payment application that stores, processes and
transmits cardholder data. It therefore falls within the scope of the Payment Card Industry Data
Security Standards (PCI DSS).
This section contains advice to assist you with PCI DSS compliance.
Please note it is the responsibility of the merchant to ensure the merchant copies of receipts and
reports showing cardholder details are stored securely for the period of time specified by your bank.
Please also ensure they are disposed of in a secure manner at the end of that period. Failure to
do so may result in charge-backs or fraudulent activity.
1. Retention of full magnetic stripe, card validation code or PIN block data.
The payment application within the Spire Payments SP family of terminals does not retain such
data. You need take no further action to ensure your PCI DSS compliant environment meets this
specific requirement.
2. Protection of stored cardholder data.
The payment application within the Spire Payments SP family of terminals protects stored cardholder
data in a secure manner.
You must ensure you give the correct copy of the receipt to the cardholder (clearly marked CARDHOLDER
COPY) and retain the merchant receipts in a secure area with limited access to authorised staff.
The merchant receipts must be destroyed by incineration or by cross-shredding when they become
obsolete. Your bank will advise on the period necessary for retention of receipts.
You should perform an End of Day Banking/Settlement every day, and must settle at least once a
week to purge the payment application of cardholder data. Your terminal may be configured to
perform this process automatically every day; if you are unsure how your terminal is configured,
please contact your helpdesk.
3. Provision of secure authentication features.
The payment application operates in the Spire Payments SP hardware environment and does not
require username or password access. You need take no further action to ensure your PCI DSS compliant
environment meets this specific requirement.
4. Secure payment applications.
The Spire Payments terminal and its software applications have been designed in line with PCI DSS and
industry best practices. You need take no further action to ensure your PCI DSS compliant environment
meets this specific requirement.