LightSpeed ProPCI Compliance

PA-DSS Certified Software
From LightSpeed

After an extensive and rigorous certification process, LightSpeed Pro was deemed PA-DSS Certified by the PCI Standards Council in April 2011.

PA-DSS stands for Payment Application Data Security Standard, and certifies that a payment application like LightSpeed Pro includes 13 key protections for transaction and cardholder data that guard against credit card fraud, and is compliant with the Payment Card Industry Data Security Standards (PCI-DSS).

The bottom line is that we have made the significant investment of time and resources to ensure that LightSpeed Pro meets the highest standards for data security and fraud protection. Your customer data depends on it.

What is PA-DSS Compliant?

For a payment application to be deemed PA-DSS compliant, software vendors must ensure that their software includes the following 13 protections:

  1. Do not retain full magnetic stripe, card validation, code or value, or PIN block data.
  2. Protect stored cardholder data.
  3. Provide secure authentication features.
  4. Log payment application activity.
  5. Develop secure payment applications.
  6. Protect wireless transmissions.
  7. Test payment applications to address vulnerabilities.
  8. Facilitate secure network implementation.
  9. Cardholder data must never be stored on a server connected to the internet.
  10. Facilitate secure remote software updates.
  11. Facilitate secure remote access to payment application.
  12. Encrypt sensitive traffic over public networks.
  13. Encrypt all non-console administrative access. Maintain instructional documentation and training programs for customers, resellers, and integrators.
Good For Business

Compliance to the PCI-DSS standard is not only mandatory, it's good for business. It assures your customers that their card information is protected. It also helps to protect your business from a security breach that could damage your relationship with your customers, damage your reputation and result in significant fines.


Which Version(s) of LightSpeed Pro are Compliant?

LightSpeed Pro 3.9.0 has been deemed PA-DSS Certified. Current and future releases of LightSpeed Pro are re-certified after they are released to the public.

What is PCI-DSS?

The Payment Card Industry Data Security Standard (PCI-DSS) is designed to protect the privacy and security of cardholder data and the businesses that process, store or transmit cardholder data. The PCI-DSS is defined by the PCI Security Standards Council, an independent body, founded by leading credit and debit card providers.

Any organization that processes, stores or transmits payment card data must be PCI-DSS compliant. That's because when you accept cards for payment, you are also agreeing to take the steps necessary to protect the customer's card data.

Simply put: If you use an integrated payment processor, such as Axia, MerchantWarehouse, or Authorize.net, to authorize and capture credit card transactions in LightSpeed Pro, the PCI-DSS applies to you.

All merchants using payment cards must periodically validate their PCI-DSS compliance. Compliance can be validated by an auditing firm. Or, if a company processes fewer than 80,000 transactions per year, they are allowed to perform a self-assessment questionnaire, which determines if they are within compliance.


PCI-DSS Requirements
PCI Security Standards Council

Download
The LightSpeed PA-DSS Implementation Guide

How LightSpeed Helps

LightSpeed Pro has been designed to help you meet PCI-DSS requirements. For example, it does not store sensitive cardholder data and it securely transmits every transaction to all payment gateways.

Nevertheless, it’s important to realize that PCI-DSS requirements require security measures that extend beyond LightSpeed. Protecting sensitive cardholder data takes careful evaluation and management of your entire system and network configuration, including:


For more information to ensure that your business meets PCI-DSS requirements, download the LightSpeed PA-DSS Implementation Guide.