Engagifii PCI Compliance

Ensuring the Security of Payment Card Data

In the rapidly evolving landscape of online transactions, safeguarding sensitive customer information is paramount. Payment Card Industry Data Security Standard (PCI DSS) compliance plays a pivotal role in ensuring the secure processing, storage, and transmission of credit card data. Engagifii adheres to PCI standards in the handling of payment card transactions in order to protect our association customers and their members.  

PCI standards include a broad range of security processes and controls. As a PCI Service Provider, Engagifii does not directly process or store credit card data, but it does facilitate the entry of payment card data into payment card gateway iFrame forms. We therefore validate and attest to Engagifii’s adherence to these standards on an annual basis using the PCI SAQ D - Service Provider.

Key Security Measures for PCI Compliance:

Secure Network Infrastructure:

Data Encryption:

  • Encrypting data, both in transit and at rest, is crucial for PCI compliance. This ensures that even if unauthorized access occurs, the information is unreadable and unusable. Engagifii does NOT store payment card data in its application or environment. It facilitates the entry of data into payment gateway iFrame forms. In doing so, Engagifii ensures the encryption of data in transit using the latest TLS protocols per PCI DSS requirements.

Access Controls:

  • Access and handling of payment card data is completely outsourced by Engagifii to the payment processors supported by the platform. Engagifii is integrated with Stripe, PayPal, and Authorize.net via their iFrame integration methods. As a result, when payment card data is to be entered, the payment processor presents the user with an iFrame form directly, through the iFrame integration with its gateway. Any data entered goes directly into the payment processor’s own PCI-compliant environment, and Engagifii is completely removed from the flow of data. Payment information collected within the iFrame cannot be modified or interfered with by any application code outside of the frame, including Engagifii application code.

Regular Security Audits:

  • Engagifii conducts regular security assessments and vulnerability scans to identify and address potential weaknesses in the system. Vulnerability scans are conducted on a quarterly basis by a third-party PCI ASV, which reports on any failing vulnerabilities that must be addressed in the Engagifii infrastructure and application. Vulnerabilities are remediated and the environment is re-scanned until a passing scan is achieved.

Security Policies and Procedures:

  • Engagifii has documented and implemented the necessary security policies and procedures per the PCI Data Security Standard. New employees are educated on the security measures and staff members are continually made aware of their roles in maintaining PCI compliance. Examples include Engagifii’s “Information Security Policy” and its “Incident Response Plan”.

PCI compliance is not only a regulatory requirement but also a fundamental aspect of protecting sensitive customer information. Adhering to PCI DSS standards is essential for businesses that handle payment card transactions, as it safeguards both the organization and its customers from the potentially devastating consequences of data breaches. By implementing robust security measures, maintaining compliance, and staying informed about evolving threats, Engagifii creates a secure environment for electronic transactions.