Security and compliance as a shared responsibility
Realex Payments is fully PCI DSS compliant and is responsible for the security of the cardholder data that it stores, processes or transmits on behalf of its merchants. It is also responsible to the extent that its own systems or actions could affect the security of a merchant's cardholder data environment. Realex Payments can reduce the scope and effort of your own PCI DSS compliance, but the degree to which it does so depends on the solution you use for your payment processing. Regardless of which solution you use, you remain ultimately responsible for your own PCI DSS compliance. You must ensure that you use Realex Payments' services in a compliant manner, and if you handle, store or transmit cardholder data in any way outside of its systems, you must do so in accordance with the PCI DSS requirements.
The following table describes how the responsibility for each PCI DSS requirement is shared between the merchant and Realex Payments for each service type. "Realex" means that Realex Payments carries that requirement for the service in question; "Realex and Clients" means that both parties have obligations, and you must address the requirement within your own environment as well.
| PCI DSS Requirement | Realex Hosted | Realex API | Realex Front End App |
|---|---|---|---|
| 1. Install and maintain a firewall configuration to protect cardholder data | Realex | Realex | Realex |
| 2. Do not use vendor-supplied defaults for system passwords and other security parameters | Realex | Realex | Realex |
| 3. Protect stored cardholder data | Realex | Realex | Realex |
| 4. Encrypt transmission of cardholder data across open, public networks | Realex | Realex | Realex |
| 5. Protect all systems against malware and regularly update anti-virus software or programs | Realex | Realex | Realex |
| 6. Develop and maintain secure systems and applications | Realex | Realex and Clients | Realex |
| 7. Restrict access to cardholder data by business need-to-know | Realex and Clients | Realex and Clients | Realex and Clients |
| 8. Identify and authenticate access to system components | Realex and Clients | Realex and Clients | Realex and Clients |
| 9. Restrict physical access to cardholder data | Realex | Realex | Realex |
| 10. Track and monitor all access to network resources and cardholder data | Realex | Realex | Realex |
| 11. Regularly test security systems and processes | Realex and Clients | Realex and Clients | Realex |
| 12. Maintain a policy that addresses information security | Realex and Clients | Realex and Clients | Realex and Clients |