PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS), a security standard maintained by the PCI Security Standards Council that every organisation which accepts, processes, stores or transmits cardholder data must meet in order to keep that data in a secure environment.
Ryft is committed to maintaining the highest standards of security and compliance, including PCI DSS. This commitment ensures that all transactions processed through the Ryft platform are secure and that sensitive payment information is handled in accordance with industry best practices.
PCI DSS groups its requirements into twelve areas. In practice, being PCI compliant means implementing security measures such as:
- Install and maintain network security controls (firewalls) to protect cardholder data.
- Change vendor-supplied default passwords and settings, and require multi-factor authentication for access into the cardholder data environment.
- Protect cardholder data at rest, and never store sensitive authentication data such as the CVV/CVC after authorisation.
- Encrypt cardholder data with strong cryptography (for example TLS) whenever it is transmitted over open, public networks.
- Protect all systems against malware and keep anti-malware tooling current.
- Develop and maintain secure systems and software, applying security patches promptly.
- Restrict access to cardholder data to those with a business need to know.
- Assign a unique ID to everyone with access to systems or data, so that every action can be traced to an individual.
- Restrict physical access to cardholder data.
- Log and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes (vulnerability scans and penetration tests).
- Maintain an information security policy that covers all personnel.
When using the Ryft Embedded SDK, the SDK collects card details in the customer's browser and sends them directly to Ryft's secure servers, where they are processed and stored entirely on Ryft's infrastructure. The merchant's own servers never store, process or transmit the card number, so they are kept out of scope for the bulk of PCI DSS requirements and the merchant can typically validate compliance through the simplest self-assessment questionnaire (SAQ A). The merchant still owns the page that loads the SDK, so that page must be kept secure: PCI DSS v4.0 also expects merchants to inventory, authorise and integrity-check the scripts on their payment pages and to monitor those pages for tampering (requirements 6.4.3 and 11.6.1).
With Server-to-Server Integrations, by contrast, card details are sent to the merchant's servers first and then forwarded to Ryft. The merchant's systems therefore store, process or transmit cardholder data themselves and fall fully within PCI DSS scope: the merchant must implement the measures listed above (encryption in transit and at rest, access controls, logging and monitoring, regular security testing) and validate compliance, typically through the full SAQ D or, for higher transaction volumes, an assessment by a Qualified Security Assessor.
Merchants using Server-to-Server Integrations must therefore ensure that their systems and processes comply with PCI DSS before they begin handling card details, both to protect cardholder data and to maintain the trust of their customers.
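A practical way to check which of the two situations a merchant is actually in is to look for full card numbers in the merchant's own server logs and request captures. The scanner below is an added example, not code from Ryft or its SDK: it finds Luhn-valid 13 to 19 digit numbers in constructed log lines, reports only a masked form (first six and last four digits, the most PCI DSS allows to be displayed), and ignores already-masked values and digit runs that fail the Luhn check. The log lines and the `tok_` token format are made up for illustration; the only real values are the public Visa and Mastercard test card numbers.

```python
"""Scan merchant-side logs for full card numbers (PANs).

Added example, not part of the Ryft SDK or API. The log lines at the
bottom are constructed for illustration; the only real values in them
are the public Visa and Mastercard test card numbers.
"""
from __future__ import annotations

import re

# 13-19 digits, optionally separated by single spaces or dashes, with no
# digit immediately before or after (so a longer number is not chopped
# into a PAN-sized piece).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check used by all major card brands.

    Counting from the rightmost digit, every second digit is doubled and
    products over 9 have 9 subtracted; the total must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Mask to the maximum PCI DSS permits for display: first six, last four."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(line: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit number found in one line."""
    pans = []
    for match in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            pans.append(digits)
    return pans


def scan_log(lines: list[str]) -> list[tuple[int, str]]:
    """Return (1-based line number, masked PAN) for every PAN found.

    The full PAN is never returned or printed: a scanner that copies card
    numbers into its own report would create one more place they are stored.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            hits.append((lineno, mask_pan(pan)))
    return hits


# Constructed sample of what a merchant application log might contain.
SAMPLE_LOG = [
    # Embedded SDK shape: the server only ever sees a token (made-up format).
    '2024-05-01T10:00:01Z INFO  payment created token=tok_8f2c amount=1999 ts=1714557601000',
    # A server-to-server integration that logs request bodies leaks the PAN.
    '2024-05-01T10:00:05Z DEBUG request body={"card":{"number":"4111 1111 1111 1111","exp":"12/30"}}',
    '2024-05-01T10:00:07Z DEBUG charge pan=5555555555554444 result=approved',
    # Already masked: too few consecutive digits, so it is not flagged.
    '2024-05-01T10:00:09Z INFO  card on file 411111******1111',
    # Sixteen digits that fail the Luhn check: an order reference, not a PAN.
    '2024-05-01T10:00:11Z DEBUG order ref=4111111111111112',
]

if __name__ == "__main__":
    for lineno, masked in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: full PAN logged ({masked})")
```

Run it over a log sample exported from the merchant's application servers and web proxies; any hit means cardholder data is reaching systems the merchant believed were out of scope. Other Luhn-valid identifiers will occasionally produce false positives, so treat hits as leads to confirm rather than as proof.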