Vaultera PCI Certification
Questions for certification and best practices
To certify your Vaultera PCI integration, we would like to know more about how you built it.
When do you delete cards from Vaultera PCI? Do you delete cards after departure date? How long after?
Best Practice: Remove the card from Vaultera PCI, and delete your token as well, up to 7 days after departure.
When you send the card to a payment gateway and it is a success, do you auth the transaction with Vaultera PCI so we can remove the CVV number?
Best Practice: PCI rules say that after a successful transaction the CVV must be removed.
Do you show card details to end users via the iframe? If yes, how do you log the views?
Best Practice: Only authorised users should be able to view cards. You can put a password on the feature, since users might leave their computer unattended. You should log all views of cards with a timestamp and user details.
Do you have 2FA (two-factor authentication) to log into your system?
This is a mandatory requirement if you use the iframe solution.
Do you receive cards from other sources, such as channel managers or channels? If yes, have you integrated all of them, or is this planned after you go live?
You should let Vaultera know about all sources from which you can receive cards. We will have a profile ready for some partners, but for others we might have to create one for you.