Security Assurance, Audit and Compliancy
Since its inception, Monetra® has provided built-in, 'out-of-the-box' security features including full-strength cryptography for sensitive data encryption, secure communications support, and an internal IP filtering/firewall facility. It is the intention of Monetra Technologies, LLC to maintain extremely high standards for the security and integrity of all our software offerings.
Data Replacement ("Tokenization")
Monetra fully supports Data Replacement ("Tokenization") Technologies. To find out more, please visit our Tokenization page.
Monetra® was one of the first applications to successfully complete a rigorous PA-DSS audit and has been validated multiple times by the PCI Security Standards Council. Monetra® and UniTerm® have both been PA-DSS audited multiple times by several leading QSA companies including IBM, Security Metrics and Coalfire. These validations (attestations linked below) are accepted by all Card Brands, Processors and Acquirers.
|2020||Monetra v8.y.z PA-DSS (3.2) Validation|
|2020||UniTerm v9.y.z PA-DSS (3.2) Validation|
|2019||UniTerm v9.y.z PA-DSS (3.2) Validation|
|2018||Monetra v8.y.z PA-DSS (3.1) Validation|
|2018||UniTerm v8.y.z PA-DSS (3.2) Validation|
|2017||Monetra v8.y.z PA-DSS (3.1) Validation|
|2017||UniTerm v8.y.z PA-DSS (3.2) Validation|
|2016||Monetra v8.y.z PA-DSS (3.1) Validation|
|2015||UniTerm v8.y.z PA-DSS (3.2) Validation|
|2015||Monetra v8.y.z PA-DSS (3.1) Validation|
|2014||Changes Attestation v7 u13.3 - u14.1|
|2014||Changes Attestation v7 u13.2|
|2014||Changes Attestation v7 u13.0+1|
|2013||Changes Attestation v7 u12.0|
|2013||Changes Attestation v7 u11.1|
|2012||Changes Attestation v7 u10.0|
|2012||Third PA-DSS Validation v7 u9.0|
|2012||Changes Attestation v7|
|2010||Second PA-DSS Validation|
|2008||Initial PA-DSS Validation|
|2007||Third PABP Validation||Letter of attestation from Visa|
|2006||Second PABP Validation||Letter of attestation from Visa|
|2005||First PABP Validation||Letter of attestation from Visa|
PCI Data Security Standard
The Payment Card Industry (PCI) Data Security Standard is the result of a collaboration between all major card brands, such as Visa and MasterCard. Designed to create common industry security requirements that include the original CISP conditions, this criterion is mandated by the newly formed PCI Security Standards Council, and consists of the following stipulations:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Merchants must always provide verification of PCI-DSS compliance for their own systems. Depending on annual transaction volume, PCI-DSS requirements can range from completing a self-assessment questionnaire to selecting a qualified security assessor (QSA) and conducting a formal on-site security audit.
About the PCI SSC
A Limited Liability Corporation (LLC) chartered in Delaware, USA, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.. All five payment brands share equally in the council's governance, have equal input to the PCI Security Standards Council and share responsibility for carrying out the work of the organization.
PA-DSS / PABP
The goal of the Payment Application Best Practices (PABP) and Payment Application Data Security Standard (PA-DSS) program is to help software vendors create secure payment applications. The voluntary PABP program was formally retired on October 1st 2008 and was replaced by the mandatory PA-DSS program run by the PCI Security Standards Council. In both programs, to be considered secure, these applications cannot retain full magnetic stripe data or CVV2 data and must support a merchant's ability to comply with PCI-DSS requirements. Since the program began, Monetra® has fulfilled and surpassed all PABP standards.