PCI Credit Card Compliance

While much of PCI compliance relies on policies and network security within your organisation PCSchool School Management Software have moved to enable schools to seek PCI compliance when storing Credit Card information.

PCI Compliance Student Management Software Payment Portal

For our part we do not transmit credit card details across the web however for compliance schools are urged to set all PCSchool web traffic to https (a certificated secure means of transporting web traffic)

PCSchool encrypts Credit Card Number, Card Holder, and Expiry Date. Being encrypted then this data remains unreadable in all environments except within the Account Masterfile view within

 

 

Access in non-encrypted form can be controlled within PCSchool Security

PCSchool enables users to be given access to details on screen on a field by field basis based on individual security. Within this screen is the only time that card details can be entered or viewed in a readable format.

When a file is prepared for submission to the bank, generally in a form of csv via upload in the bank secure software, the details of the credit card etc are exposed. It is important that such files are destroyed immediately upon upload to the bank and at least be stored in a secure location on your network. They should not be transmitted via the internet in email or the like.

 

Encrypting Credit Card Details
If you don’t have the options below available you will need to take the current Followup (Debtors Version 2016.0.0.229 or higher. Prior to running these procedures we recommend a backup of the Family table.

 

 

Encrypting is a one-time process with all future card numbers entered being encrypted automatically. Should you rerun this process it will not encrypt numbers already encrypted.