We've Moved! Please visit our new and improved forum over at our new portal: https://portal.plumvoice.com/hc/en-us/community/topics

How to handle CC data to avoid becoming PCI-compliant?

Questions and answers about Plum Fuse+

Moderators: admin, support

Post Reply
anorman728
Posts: 15
Joined: Wed May 10, 2017 12:07 pm

How to handle CC data to avoid becoming PCI-compliant?

Post by anorman728 »

We're using Plum primarily because it's PCI-compliant and we want to avoid touching CC data ourselves, so that we don't need to be PCI-compliant. We're working with a third-party payment system that is also PCI-compliant.

We should be able to have our Fuse+ application communicate with the third-party payment system using a REST module, but I just want to make sure that we're in the clear as far as avoiding PCI-compliance goes.

We have some direct communication with our server, but nothing that transfers credit card data. That module goes directly to the third-party payment system. Is that enough to avoid having to be PCI-compliant ourselves, since both Plum and the third-party system is PCI-compliant?

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Re: How to handle CC data to avoid becoming PCI-compliant?

Post by support »

You should contact support to get your IP addresses whitelisted. In this case, we would need your third-party payment system's IPs too.

Then, after you provision a number in Fuse, you will need to reach out to provisioning to have your numbers converted to PCI compliant.

However, the first step is to contact support with your IP addresses.

anorman728
Posts: 15
Joined: Wed May 10, 2017 12:07 pm

Re: How to handle CC data to avoid becoming PCI-compliant?

Post by anorman728 »

Thanks! I relayed this back to my team and we have a few follow-up questions:

1) When we provision a new phone number, do we own it and can we move it outside of Plum later?
2) If we have hundreds of phone numbers, do we have to update the IP whitelist for each phone number every time our IPs change?
- Example: We add a new server with a new IP. Do we have to email Plum with a list of 500 phone numbers and our IP addresses?
3) What does the whitelisting actually do?

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA
Contact:

Re: How to handle CC data to avoid becoming PCI-compliant?

Post by support »

To answer your questions in order:

1. When you purchase a number through Plum you become the owner. The number remains under our resporg and our carriers while you are utilizing it with our platform, but you are free to port the number to another carrier.

2. Your phone numbers are not configured for particular IP addresses, instead they are pointed to our PCI environment. It is the firewalls within the PCI environment that need to be updated for any new IPs. If your IPs change you would need to send an email to support@plumgroup.com with the new information, and we would update our firewall whitelist to allow traffic from the new IP.

3. Whitelisting allows limited traffic in and out of our PCI environment. Only IPs that are whitelisted in our firewalls can make requests to the PCI environment, which limits access and helps to keep it secure.

We hope this information helps, please let us know if you have any other questions.

Post Reply