PCI Compliance

The following describes how BillMax fits into a customer's overall PCI compliance strategy. More information on the PCI Data Security Standards may be found at https://www.pcisecuritystandards.org/security_standards/index.php.

The following elements are set to PCI DSS values by default:
  • Access to BillMax is logged, and the logs are kept for 90 days.
  • AES encryption is used to encrypt credit card and bank account numbers or their tokens. A warning is issued when the AES encryption key is more than 90 days old.
  • Strong passwords are required for access to the BillMax Staff Portal.
  • The maximum number of failed login attempts to the Staff Portal is 3.
  • Passwords may not be reused until 4 other passwords have been used.
  • A password is required to log in to the Staff Portal after 15 minutes (900 seconds) of inactivity.
    Changing this value is one of the most requested items; see Modify the Staff Portal Timeout. Changing it is not recommended.
  • Passwords must be reset every 90 days.
Other security measures taken are:
  • Credit card and bank account numbers may be stored as tokens. This is dependent on the third party processor.
  • Strong passwords may be required for access to the Customer Portal.