ExpertRPS PCI Compliance Overview

Our customers who process mailed-in credit card payments can take advantage of the security features in ExpertRPS. In support of PCI compliance, ExpertRPS has multi-level security features, encryption of sensitive data and images, and strict management of transaction data.

User Entitlement and Authentication. To comply with PCI-DSS Requirement 7, ExpertRPS controls access to cardholder data through user privileges that can only be assigned by an administrator. Likewise, to comply with PCI-DSS Requirement 8, ExpertRPS automatically performs user authentication using the organization’s user account credentials.

Encryption. Encryption is enabled at a system level and cannot be enabled or disabled for specific transactions, workflows, lockboxes or applications. ExpertRPS uses the AES-256 encryption algorithm. Specific data fields within credit card transactions are encrypted by default. Other data fields may be configured to be encrypted.

Encryption Keys. The Encryption Keys used to encrypt data and images are dynamically generated by a sophisticated Key Manager Service, are stored in a separate database, and are themselves encrypted. The Key Manager Service is responsible for retrieving and decrypting the Encryption Keys and, in compliance with PCI-DSS Requirement 2, requires two independent log-in accounts to be activated.

Masking and Redacting. Masking allows for confidential data to be viewed only by specific operators that have the proper security clearance. Redaction permanently blocks the confidential data from being viewed or stored, thereby