# Vaultera PCI Certification

To certify your Vaultera PCI integration we would like to know more details of how you built your integration

**When do you delete cards from Vaultera PCI?  Do you delete cards after departure date? How long after?**

Best practice is up to 7 days after departure to remove the card from Vaultera PCI and delete your token also.

**When you send the card to a payment gateway and it is a success, do you auth the transaction with Vaultera PCI so we can remove the CVV number?**

Best Practice: PCI rules say that after a successful transaction the CVV must be removed

**Do you show card details to end users via the iframe? If yes how do you log the views?**

Best Practice: Only authorised users should be able to view cards, you can put a password on the feature since users might leave computer unattended. You should log all views of cards with timestamp and user details.

**Do you have 2FA (2 Factor Authentication) to log into your system?**

This is mandatory requirement if you use the iframe solution

**Do you receive cards from other sources like channel managers or channels? If yes have you integrated all of them or this is planned after you go live?**

You should let Vaultera know about all sources where you can get cards, we will have a profile ready for some partners but some we might have to create one for you