is_pci for Outbound API, how does this work?

Questions and answers about Plum Fuse+


mberns


Posted: Mon Nov 12, 2018 3:22 pm

I see the is_pci parameter in the outbound Queue documentation. Does this mean I can send PCI directly in the body of the API and remain PCI/HIPAA compliant, e.g. the data is encrypted in transit and at rest? Presumably this would differ from uploading a file, where the documentation explicitly states that it is not PCI/HIPAA compliant to include PII/PHI in the file upload to queue calls?

support


Re: is_pci for Outbound API, how does this work?

Posted: Tue Nov 13, 2018 2:23 pm

Hi,

Unfortunately, no, that is not the purpose of the is_pci flag. This flag only determines which pool of systems will be used to execute your application once the call begins. In order to guarantee PCI compliance, you should only send non-PI/PII data to the outbound APIs. The data that is sent to these APIs is NOT in scope for PCI.

After the call begins, your application will be executing in the PCI environment and any data that is then exchanged between our systems and your application servers is in scope for PCI. This gives you full control over the logging of private data and allows you to make sure all data is transmitted using the proper encryption techniques.

Please let us know if you have any further questions.

Regards,
Plum Support
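
One way to enforce the advice in the reply above (send only non-PI/PII data to the outbound APIs) is a pre-send check on the client side. This is an added example, not part of the original thread and not Plum's code; every field name other than `is_pci` is hypothetical, and the sample payloads are constructed.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
_PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pan_fields(payload, path=""):
    """Return the paths of fields holding a Luhn-valid, card-length digit run."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            hits += find_pan_fields(value, f"{path}.{key}" if path else str(key))
    elif isinstance(payload, (list, tuple)):
        for i, value in enumerate(payload):
            hits += find_pan_fields(value, f"{path}[{i}]")
    else:
        for m in _PAN_CANDIDATE.finditer(str(payload)):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append(path)
                break
    return hits

def check_outbound_payload(payload):
    """Refuse to queue a call whose parameters carry card-number-like data."""
    hits = find_pan_fields(payload)
    if hits:
        raise ValueError("card-like data in outbound API fields: " + ", ".join(hits))
    return payload

# Constructed payloads. The safe one passes only an opaque reference; the
# application looks up sensitive data itself after the call has started.
SAFE = {"phone_number": "16175550100", "is_pci": True,
        "metadata": {"customer_ref": "cust-000123"}}
UNSAFE = {"phone_number": "16175550100", "is_pci": True,
          "metadata": {"card": "4111 1111 1111 1111"}}  # well-known test number
```

The check only covers card numbers; other private data (names, health information) needs its own rules before the request is built.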
