How does Everest handle Credit Card security? Is it PCI compliant?
Starting with Everest 6.14 the credit card sensitive data is encrypted using the standalone cryptographic keys. PCI compliance lists the cases when the cryptographic keys need to be regenerated. In particular, the keys need to be regenerated every 30 days so we have a warning that the keys are outdated.
However, Everest does not block any functions when the keys are outdated, thus it is the responsibility of the Everest administrator to regenerate the keys. You can find more information in the attached Release Notes for version 6.14.
As for the server's PCI compliance, we only provide support services to application issues. Everest is hosted locally in your environment and therefore servers are managed by the local IT teams where they control needed policies and security rules to be applied.
You can also contact your Customer Success Manager for further information or should you need further analysis and consultation with our Professional Services team.
Please sign in to leave a comment.