Keeping M.O.M. PCI Compliant

Posted By:  Ryan Galicia, M.O.M. XL Support Team Leader

As a merchant accepting credit/debit cards for payment, you should understand the importance of remaining compliant with the Payment Card Industry Data Security Standards (PCI DSS). To ensure that your business is operating on the most PCI compliant version of M.O.M., we encourage you to update to the newest executable available on the support section of our website.

Another measure your business should take to help you remain PCI compliant is to purge credit card information after a certain number of months. Failing to purge credit card data puts your business at risk: if a security breach occurs, your business will pay fines on a “per credit card stolen” basis.

Multichannel Order Manager includes a tool to purge the credit card from the order after x days; consider setting this to something like 3 or 6 months. If you offer subscription-type items, you will need to set it to more than 1 year, maybe 13 months, to make sure you keep the card on file long enough to renew a yearly subscription. NOTE: M.O.M. will never automatically purge customer data of any type. All data purges must be done manually by users with the credit card purge routine.

To Access PCI Tools in the M.O.M. Application

PCI tools for log management and encryption key rotation can be accessed under the Options menu, as indicated in the screenshot below. The module provides users with a configurable means of securely deleting cardholder data after a user-defined data retention period. This data retention period should be documented in customer policies. The reminder for the number of days for data retention is stored under the Maintain drop-down menu: choose System Information, select Global Parameters, and in that screen choose the ICCAS tab, then select Credit Card (as seen in the screenshot below).

When stored cardholder data has been retained longer than the user-defined retention period, M.O.M. notifies the user, just before the user exits the application, that sensitive data must be purged.

Also note that only M.O.M. v7 users are able to become PCI compliant. If you are not on M.O.M. v7, you will not be able to satisfy the PCI DSS Standards. If you are not currently a M.O.M. 7 user and wish to upgrade M.O.M. to satisfy the PCI standards, click here. Simply fill out the form and a Dydacomp expert will help get you on track to PCI compliance!

