Security Assurance, Audit and Compliancy

Since its inception, Monetra® has provided built-in, 'out-of-the-box' security features including full-strength cryptography for sensitive data encryption, secure communications support, and an internal IP filtering/firewall facility. It is the intention of Main Street Softworks, Inc. to maintain extremely high standards for the security and integrity of all our software offerings.


PA-DSS Validation

Monetra® 7 was one of the first applications to successfully complete a rigorous PA-DSS audit and has been validated by the PCI Security Standards Council. Monetra® 7 has been PA-DSS audited multiple times by IBM Internet Security Systems (our PA-QSA certified auditor). These validations (attestations linked below) are accepted by all Card Brands, Processors and Acquirers.

PCI Data Security Standard

The Payment Card Industry (PCI) Data Security Standard is the result of a collaboration between all major card brands, such as Visa and MasterCard. Designed to create common industry security requirements that include the original CISP conditions, this standard is mandated by the newly formed PCI Security Standards Council and consists of the following stipulations:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Merchants must always provide verification of PCI-DSS compliance for their own systems. Depending on annual transaction volume, PCI-DSS requirements can range from completing a self-assessment questionnaire to selecting a qualified security assessor (QSA) and conducting a formal on-site security audit.

About the PCI SSC:
"A Limited Liability Corporation (LLC) chartered in Delaware, USA, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. All five payment brands share equally in the council's governance, have equal input to the PCI Security Standards Council and share responsibility for carrying out the work of the organization."


PA-DSS / PABP

The goal of the Payment Application Best Practices (PABP) and Payment Application Data Security Standard (PA-DSS) programs is to help software vendors create secure payment applications. The voluntary PABP program was formally retired on October 1st, 2008 and was replaced by the mandatory PA-DSS program run by the PCI Security Standards Council. In both programs, to be considered secure, these applications cannot retain full magnetic stripe data or CVV2 data and must support a merchant's ability to comply with PCI-DSS requirements.

Since the program began, Monetra® has fulfilled and surpassed all PABP standards. To exemplify our commitment to security, Main Street routinely obtains a complete and independent security audit of the Monetra® software on an annual basis, even though annual auditing is not a requirement.