Payment Card Industry Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle credit cards from the major card schemes. All Program Managers who handle customer card data must be compliant with this standard. See: https://www.pcisecuritystandards.org/pci_security/

If you are not PCI DSS Level 1 compliant, you cannot retrieve the full primary account number (PAN) from the Thredd platform. In this case, Thredd provides a number of options to support your requirements:

Using the Thredd Public Token

Customers who are not PCI DSS compliant must use the Thredd-created public token, which is unique per card and is used to query and manage all transactions on that card. The public token is generated when you submit a Create Card request using the Thredd web services or Cards API, and is returned in the response to your request.