PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements designed to protect account data. It is a set of security standards to protect user data and reduce the risk of fraud and data breaches. Expertflow understands the importance of safeguarding sensitive information, especially regarding financial data. This article explains how Expertflow ensures PCI DSS compliance within our system.

PCI DSS Requirements	Compliance	Expertflow CX Compliance
Build and Maintain a Secure Network and Systems
Install and maintain a firewall configuration to protect cardholder data.	COMPLIANT	Expertflow CX can be integrated with firewalls.
Do not use vendor-supplied defaults for system passwords and other security parameters.	COMPLIANT	Passwords are configurable and are backed by password policy.
Protect Cardholder Data
Protect stored cardholder data.	NON-COMPLIANT	Expertflow CX does not store cardholder data. However, Data Encryption at rest for CX Messages is on the roadmap for 2025.
Encrypt transmission of cardholder data across open, public networks.	COMPLIANT	Expertflow CX uses TLS for secure communication. See Data Encryption for details.
Maintain a Vulnerability Management Program
Protect all systems against malware and regularly update antivirus software or programs.	COMPLIANT	It’s a partner’s responsibility.
Develop and maintain secure systems and applications.	COMPLIANT	We have a dedicated Security team that ensures solution security
Implement Strong Access Control Measures
Restrict access to cardholder data by business need to know.	COMPLIANT	Role-based access controls (RBAC) and group-based access controls (GBAC) are implemented in Expertflow CX so that only authorized Agents can access the application. For more details see Agent Authorization with Agent Desk
Identify and authenticate access to system components.	COMPLIANT	Same as above.
Restrict physical access to cardholder data.	COMPLIANT	It’s a partner’s responsibility.
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data.	NON-COMPLIANT	A centralized Audit-logging is on the roadmap for 2025.
11. Regularly test security systems and processes Maintain an Information Security Policy.	COMPLIANT	We do test our solution with various vulnerability assessment tools regularly.
12. Maintain a policy that addresses information security for all personnel.	COMPLIANT	As a company, we do maintain our Information Security Policy.

Roadmap for PCI DSS

The following is the list of features related to PCI DSS compliance that are on our roadmap.

Please enter an Aha! link and then click Refresh Preview above to see a preview