Securely Implementing EBMS

EBMS is designed to keep payment card keep secure.   All payment card collection and processing are completed through EMV-certified and PA-DSS compliant tools.  These secure steps include collecting credit card numbers by keyboard or payment device, storing information for future sales, and the payment processing and settlement.   Although these secure tools communicate with EBMS, all steps are completed with tools that are separate from the EBMS software.  

Implementing a secure payment process requires the user follow some basic rules to maintain the confidentiality of the customer's payment card details.   

  1.   Never record a customer's credit card or other payment card's account number, CVV, or other details within an EBMS memo or note entry.  A customer's payment card information should always be entered into one of the following EBMS dialogs:

  2. Verify that all solutions or hardware devices that are used to process payment card transactions are PCI compliant.   EBMS sells certified devices that comply with PCI certifications.  

  3. Have a customer facing payment method that does not require your staff to handle payment card details.    Give the customer the ability to record payment card information directly.  

Note that a customer's payment card number, magnetic stripe data, validation code, CVV, PIN or any other payment card information is NOT stored in EBMS.   The payment card details ares passed immediately in a secure manner from the device or dialog that collects the data to a secure cloud based PCI system.    This last 4 digits of the card is stored within EBMS along with a transaction code that is used for future processing.   EBMS cannot display, recall, or communicate the actual payment card details at any time.  

You can reference the PA-DSS website to verify that the solutions you are using are meeting PCI requirements.   Review https://www.pcisecuritystandards.org/assessors_and_solutions/payment_applications to review solutions certifications.   

Some merchant service providers (MSP) may require that you network is certified by a pdated theApproved Scanning Vendor (ASV).   Contact you MSP for a ASV referral.