PCI Compliance
The following describes how BillMax is part of a customer's overall PCI compliance strategy. More information on the PCI Data Security Standards may be found at https://www.pcisecuritystandards.org/security_standards/index.php.
The following elements are set to PCI DSS values by default:
- Access to BillMax is logged and kept for 90 days.
- AES encryption is used to encrypt credit card and bank account numbers or their tokens. A warning is issued when the AES encryption key is more than 90 days old.
- Strong passwords are required for access to the BillMax Staff Portal.
- The maximum number of failed login attempts to the Staff Portal is 3.
- Passwords may not be reused until 4 other passwords have been used.
- A password is required to log in to the Staff Portal after 15 minutes (900 seconds) of inactivity.
  CAUTION: How to change this value is one of the most requested items. See Modify the Staff Portal Timeout. Changing this value is not recommended.
- Passwords must be reset every 90 days.
Other security measures taken are:
- Credit card and bank account numbers may be stored as tokens. This is dependent on the third party processor.
- Strong passwords may be required for access to the Customer Portal.