| N/A | 1 | Do not retain full magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data. | Transactions occur electronically over the Internet, with no physical card. |
| N/A | 2 | Protect stored cardholder data. | Card type, Card number, Card expiration date, and Card CVV2 code are never stored. |
 | 3 | Provide secure authentication features. | Users are required to sign in securely before transaction occurs. |
| 4 | Log payment application activity. | HotKey stores purchase date, time, and verification response in database tables. |
| 5 | Develop secure payment applications. | The payment module of HotKey was developed to comply with PCI DSS and PA-DSS and based on industry best practices. |
| N/A | 6 | Protect wireless transmissions. | Wireless is not used. |
| 7 | Test payment applications to address vulnerabilities. | This same system is used for multiple e-commerce web sites since 2004. |
| 8 | Facilitate secure network implementation. | HTTPS is used to securely transmit data. |
| 9 | Cardholder data must never be stored on a server connected to the Internet. | Card type, Card number, Card expiration date, and Card CVV2 code are never stored. |
| 10 | Facilitate secure remote access to payment application. | HTTPS is used to securely transmit data. |
| 11 | Encrypt sensitive traffic over public networks. | HTTPS is used to securely transmit data. |
| 12 | Encrypt all non-console administrative access. | HTTPS is used to securely transmit data. |
| 13 | Maintain instructional documentation and training programs for customers, resellers, and integrators. | User guide. |
Download