What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that any company accepting or processing card payments must follow.
What changes will I experience using a PCI Compliant Formstack?
- Password Length Minimum - We now require a password that’s at least 6 characters in length. Users with a shorter password will be required to reset their passwords upon next login. See below for additional security requirements if you need to be PCI Compliant.
- Logging In - Users will now be locked out of their accounts for 30 minutes after 6 failed login attempts.
- iFraming Admin Pages - Formstack now blocks any /admin/ pages from being displayed in iFrames. If you or your users have been displaying shared reports with others via iFrames, this will no longer work.
- More Account Security Settings - We’re providing more granular control over password and session time settings. See more information here.
What steps must I take to ensure my Formstack Account is PCI Compliant?
- Be sure you’re processing payments using our secure Credit Card Field and a Payment Processor integration.
- If you need to securely collect full credit card data, please contact our Support team to discuss your options.
- Do not collect customer credit card information using short answer or number fields.
- Be sure to follow your PCI obligations, if any.
- Enable the following password settings:
  - Minimum length for a password - 7 characters (will trigger a password reset for users)
  - Require both numeric and alpha characters - On (will trigger a password reset for users)
  - Require users to change password every 90 days - On
  - Do not allow users to set a password the same as their previous 4 passwords - On (if the above 90-day change requirement is On)
- Set your account session time (the time period an account can stay logged in while idle) to 15 minutes
These settings are available on the Account Security Settings page located in your Account Admin user’s profile menu.
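As an added illustration (not Formstack's own code), the Python below encodes the settings above as checks a login service could run: the 7-character alpha-plus-numeric rule, the previous-4 password history, 90-day rotation, the 15-minute idle timeout, and the 6-attempt/30-minute lockout from the first section. The function names, the SHA-256 digest used for history comparison, and the in-memory throttle are assumptions made for this example.

```python
from datetime import datetime, timedelta
import hashlib

# Policy values from the Formstack PCI settings listed above.
MIN_LENGTH = 7
MAX_PASSWORD_AGE = timedelta(days=90)
HISTORY_DEPTH = 4
LOCKOUT_THRESHOLD = 6
LOCKOUT_DURATION = timedelta(minutes=30)
IDLE_TIMEOUT = timedelta(minutes=15)

def digest(password: str) -> str:
    # Illustrative only: real systems store salted, slow hashes (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()

def password_violations(candidate: str, history: list[str]) -> list[str]:
    """Rules a proposed password breaks; history holds digests, oldest first."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not (any(c.isalpha() for c in candidate) and any(c.isdigit() for c in candidate)):
        problems.append("needs both letters and digits")
    if digest(candidate) in history[-HISTORY_DEPTH:]:
        problems.append("matches one of the previous 4 passwords")
    return problems

def password_expired(last_changed: datetime, now: datetime) -> bool:
    # 90-day rotation: True once the password must be changed.
    return now - last_changed >= MAX_PASSWORD_AGE

def session_idle_expired(last_activity: datetime, now: datetime) -> bool:
    # 15-minute idle timeout for a logged-in session.
    return now - last_activity > IDLE_TIMEOUT

class LoginThrottle:
    """Locks an account for 30 minutes after 6 consecutive failed logins."""
    def __init__(self):
        self.failures = {}      # username -> consecutive failure count
        self.locked_until = {}  # username -> time the lock expires

    def is_locked(self, user: str, now: datetime) -> bool:
        return now < self.locked_until.get(user, now)

    def record(self, user: str, success: bool, now: datetime) -> None:
        if success:
            self.failures.pop(user, None)
            return
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            self.locked_until[user] = now + LOCKOUT_DURATION
            self.failures.pop(user, None)
```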