SmartLogin® PCI Compliance
We understand the Payment Card Industry (PCI) compliance concerns of IT departments, which is why we hired a Qualified Security Assessor (QSA) to analyze, review, and recommend steps to ensure that our technology and encryption methods follow PCI industry standards and guidelines and do not affect the PCI compliance of our clients.
Our QSA has determined that SmartLogin® does follow PCI industry standards, and SmartIcon Technologies LLC has taken the necessary best practice steps toward creating a solution that secures sensitive data. Below are the QSA assessment findings. The official letter of findings can be presented upon request.
- SmartLogin® does not capture, process, transmit or store cardholder data.
- SmartLogin® uses secure transport layer encryption (SSL V3) for all transmittal of user credentials between the client computer and the SmartLogin® server.
- SmartLogin® uses an industry standard encryption methodology and strong encryption keys to store user credentials on the client computer following installation.
- Application penetration testing of the SmartLogin® server reveals no exposed vulnerabilities relative to the OWASP Top 10.
- SmartIcon Technologies LLC maintains best practice software development lifecycle (SDLC) procedures to manage a consolidated code base and new code development effectively and securely.
- SmartIcon Technologies LLC has taken effective steps to harden their server environment, including the latest patched versions of OS, web, application and database servers, solidifying the security of the underlying infrastructure.