Overview

PCI-DSS is a standard created by the credit card industry outlining twelve basic requirements on how to securely deploy your application. The goal of this specification it to help prevent the theft of sensitive credit card information.

Multifront is PA-DSS certified which means that it has been verified by a third party to work in a PCI-DSS environment. PA-DSS standards only apply to Multifront as an application and do not apply to the way it is hosted on your server. PCI-DSS requirements provide further guidelines as to how to deploy your PA-DSS certified application securely. This document will help you comply with the PCI-DSS guidelines and host Multifront securely in your environment.

This guide is not a substitute for reading and understanding the Payment Card Industry (PCI) Data Security Standard which goes into much more specific detail on what you need to do to be PCI-DSS compliant. It is up to you to follow these guidelines in order to be PCI-DSS compliant.

The Payment Card Industry (PCI) Data Security Standard can be found here:

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

In each of the following sections we will broadly list out each of the PCI-DSS practices that you need to follow for compliance. Where these practices directly impact Multifront we will make note of it in Integrator Notes and Configuration Notes. Integrator Notes are things to be aware of that are specific to your environment or practices. Configuration Notes are Multifront related settings that must be made.