This repository has been archived by the owner on Jan 8, 2025. It is now read-only.


security-and-retention-policy.md


Security & Retention Policy

The Document Vault is intended to securely store and display sensitive images and documents.
To ensure data security as well as compliance with the PCI standard when it comes to cardholder data, strict retention policies for uploaded documents are in place. These policies control how long documents can be stored and after which time they will be deleted once the document is in status VIEWED.

In addition, please make sure to meet the following requirements when using the Document Vault:

  • Access
    Please restrict the number of users who have access to sensitive data to an absolute minimum.
  • Business reason
    To use the Document Vault, a clear and transparently documented business process is required. It needs to be reviewed and approved by the PCI Proxy team.
  • Unique User Account
    Every user needs their own dedicated user account. Shared logins are not allowed.
  • Multifactor authentication
    Securing the user account with 2FA is mandatory.

We have also set up an internal monitoring and alerting tool which detects unusual or non-human behaviour. Once a certain threshold is reached, we may automatically block your user account.

{% hint style="info" %} In any case, please contact us directly if you have any questions about the retention policy or PCI DSS, or any data security related concerns. {% endhint %}