XMedius Cloud Solutions PCI-DSS Configuration Guide

Administrator

This article applies to customers transmitting payment card data (PCI-DSS).

(Article initially published / modified: 2020-09-04 / 2020-09-04)


XMedius has established a set of guidelines to help you configure your Cloud account in accordance with a wide range of security requirements. Among the supported requirements is the Payment Card Industry Data Security Standard, or PCI-DSS, which governs the security of Credit Card Information.

XMedius Compliance Measures

XMedius has been audited by an independent Qualified Security Assessor (QSA) and has obtained a Level 1 Service Provider certification (the highest level a Service Provider can get). This ensures that the XMedius Cloud platform provides the necessary security controls to protect Credit Card data.

In other words, when you use our Solutions to transmit data related to Credit Card Information, XMedius provides the functionality, security controls and compliance/certifications you need to fully meet the PCI-DSS requirements.

Customer Responsibility

The XMedius Cloud platform enables a wide variety of functionalities designed to meet different customer needs – and not all these functionalities meet PCI-DSS requirements. The PCI-DSS Attestation of Compliance (AOC) obtained by XMedius is only valid when the Solutions are used in the context described in this guide.

Complying with PCI-DSS is a joint responsibility, and you are responsible for maintaining the configuration of your account in accordance with the definitions found in this document when transmitting or storing Credit Card data through our Solutions.

Moreover, the fact that XMedius provides several security controls to protect the data on its cloud platform does not discharge you from protecting that same data once it is outside of the XMedius Cloud environment.

For more information on your responsibilities, please refer to the page Security Roles and Responsibilities.

Note: In this guide, the word Minimum will be used to identify the minimum set of requirements you must meet. Some of these minimums are mandatory as per the PCI-DSS specification, some are mandated by XMedius. The word Recommended will be used to identify configurations that XMedius considers even more robust to adequately protect your data.

Download the Guide
