PCI Compliance
PCI compliance comes into play with the storage and handling of credit card data and is regulated by the PCI Security Standards Council. There is a lot of information available to those who are interested in learning more about what is needed to ensure your practice is PCI Compliant. In keeping with our goal of offering solutions and resources, we've compiled the information below to share with you:
- Check out What is PCI Compliance? A Guide for Small-Business Owners on Nerd Wallet
- Directly from the source: Payment Card Industry Security Standards Council
PCI Compliance and Gaidge
Most orthodontic practices would be considered a Credit Merchant (defined as someone collecting credit card information to accept a payment). Credit Merchants are accountable for handling credit card data responsibly as defined by PCI standards.
- Regardless of how you collect the credit card data, you must either encrypt it, delete it, or black it out after you use it to set up the payments.
- Gaidge stays compliant with PCI guidelines by not being a collector of, nor storage location for credit card data.
- With our understanding of the PCI guidelines, requesting raw credit card data through Gaidge Forms is strongly discouraged. Forms are not encrypted; therefore anyone with access to the platform has the ability to see the information within that form.
- Limiting the amount of information on a payment authorization form to include only the last 4 digits removes the need for encrypting or deleting the data.
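As an added illustration of the "last 4 digits only" guidance above (example code written for this page, not part of Gaidge or any Gaidge product), the following routine scans free-text form fields before they are stored, finds anything that looks like a full card number, confirms it with the Luhn check so that phone or account numbers are left alone, and blacks out everything but the last four digits. The field names and sample values are constructed.

```python
import re

# Matches 13-19 digits optionally separated by single spaces or hyphens,
# bounded so it does not fire inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(text: str) -> str:
    """Replace each Luhn-valid card number in text with '*' padding plus its last 4 digits."""
    def repl(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # looks numeric but is not a card number; leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(repl, text)


def sanitize_form(fields: dict) -> dict:
    """Apply masking to every string field of a submitted form (hypothetical field names)."""
    return {k: mask_pan(v) if isinstance(v, str) else v for k, v in fields.items()}


if __name__ == "__main__":
    # Constructed sample submission; 4111 1111 1111 1111 is a well-known test number.
    submission = {
        "patient": "J. Doe",
        "note": "Please charge 4111 1111 1111 1111 for the down payment",
        "phone": "555-123-4567",
        "amount": 250,
    }
    print(sanitize_form(submission))
```

Masking at the point of intake means the stored record never contains a full PAN, which is what removes the encryption and deletion obligations the bullet above describes.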
Information regarding Gaidge Pay
For practices using our Gaidge Consult Manager platform, Gaidge Pay is a secure, PCI compliant option for requesting and taking initial down payments.
- Gaidge Pay utilizes a secure payment processing vendor, Stax.
- Stax encrypts (tokenizes) credit card data used for payments.
- No one on the Gaidge team, the Stax team, or the practice has access to the raw credit card number when a payment is processed through Gaidge Pay.