PCI Compliance

The Payment Card Industry Security Standards Council (PCI SSC) is entrusted with the responsibility of protecting cardholder data and minimizing the threat of credit card fraud. To facilitate this, they created a set of regulations known as PCI Compliance that all organizations who handle card payments must adhere to.

If you accept card payments, and store, process, or transmit cardholder data in any way, you need to do so in a manner that is PCI Compliant by using a PCI Hosting Provider. This is typically the entity that handles all of your card processing. The PCI Hosting Provider that you use is responsible for the safe storage, processing, and transmission of card details and other information; they bear the burden of maintaining PCI Compliance. PCI Hosting Providers are subject to annual audits from the PCI Security Standards Council to confirm that all security standards are consistently upheld.


Stax is our payment processing partner and they are a Level 1 PCI Service Provider. Level 1 is the highest level of compliance available, and we adhere to industry-leading PCI standards.

When your clients wish to pay using credit cards, you can input their card data securely in Owl where it will be saved and vaulted with Stax, our payment processing partner. When the card data is input into Owl, an API call is sent to Stax to validate the card data and store it securely on the account using tokenization. The card data becomes securely referenceable so it can be used in future transactions. This method of payment processing is called Card Not Present. With this method you don't have to worry about retaking a client's card details after every visit, or exposing the card details to anyone using your Owl account. All you need to do is make sure that the card data is always keyed directly into the designated area in Owl Practice that has been built to connect with Stax for card validation and storage. Once you do that, your clients' card information will be safely and securely stored for future use.


End-to-End Encryption and Tokenization

Besides PCI standards, our payments partner also takes a number of steps to secure cardholder data.

Card information is encrypted on all of our processing devices and never stored after the transaction is completed. Our payments partner's state-of-the-art cloud architecture is constantly tested for vulnerabilities to ensure the safety and security of that sensitive data. And our end-to-end encryption prevents interception of data by third parties and uses modern tokenization services. This prevents third parties from not only intercepting data but from viewing it as well.

Customer Data Protection

We take security seriously for all of our customers. As part of our commitment to our customers, our payments partner's technology is backed by a team of experts. They're also a payment facilitator, meaning our customers can be onboarded quicker with enhanced security for PCI compliance.

They only use PCI and Federal Information Processing (FIP) approved protocols, including exclusive use of the TLS1.3. This layered approach to security means you can accept and manage payments in one of the industry's most secure environments.

 

Fraud Prevention

For both us and our customers, we understand fraud is a common concern. Fraud prevention is an integral part of our extensive security measures for cardholder data. Our payment partner's proactive technologies monitor and investigate accounts for any possible unauthorized charges.

All of their programs are PCI compliant through integrations with financial partners, with "Know Your Customer" and Customer Identification Program checks to verify merchants, their businesses, and their funding accounts. Their team works tirelessly to monitor and prevent fraud for all of our payments customers.

The GDPR

The GDPR, or General Data Protection Regulation, is a law passed by the European Union to protect customer data. The law went into effect May 25, 2018, and violation of the GDPR can result in steep penalties. While the GDPR only applies to constituents of the EU, our payments partner has aligned itself where appropriate as part of our commitment to transparency, data protection, and accuracy.

Our payments partner is committed to safely securing sensitive cardholder data. As a Level 1 PCI Service Provider, they take the utmost care in protecting this data. They use a host of security measures to prevent fraud and ensure PCI compliance across all of their services. Their team works closely with ours to assist to ensure everything is operating well within PCI standards. In the new digital age of payments and shopping, security is top of mind for businesses. As our customer, you can rest easy knowing your data is protected and secure.