
is_pci for Outbound API, how does this work?

Questions and answers about Plum Fuse+

mberns
Posts: 4
Joined: Thu Oct 18, 2018 12:48 pm

is_pci for Outbound API, how does this work?

Post by mberns »

I see the is_pci parameter in the outbound Queue documentation. Does this mean I can send PCI directly in the body of the API and remain PCI/HIPAA compliant, e.g. the data is encrypted in transit and at rest? Presumably this would differ from uploading a file, where the documentation explicitly states that it is not PCI/HIPAA compliant to include PII/PHI in the file upload to queue calls?

support
Posts: 3632
Joined: Mon Jun 02, 2003 3:47 pm
Location: Boston, MA

Re: is_pci for Outbound API, how does this work?

Post by support »

Hi,

Unfortunately, no, that is not the purpose of the is_pci flag. This flag only determines which pool of systems will be used to execute your application once the call begins. In order to guarantee PCI compliance, you should only send non-PI/PII data to the outbound APIs. The data that is sent to these APIs is NOT in scope for PCI.

After the call begins, your application will be executing in the PCI environment and any data that is then exchanged between our systems and your application servers is in scope for PCI. This gives you full control over the logging of private data and allows you to make sure all data is transmitted using the proper encryption techniques.

Please let us know if you have any further questions.

Regards,
Plum Support
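
One way to enforce the advice in this answer on the client side, shown as an added example that is not from Plum's documentation or from this thread: a pre-flight check that refuses to build an outbound queue request when any caller-supplied field contains a card-like number, so only an opaque reference leaves your systems. Only the `is_pci` name comes from the thread; the field names `phone_number` and `customer_ref`, the `"1"` value format, and the sample data are assumptions constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_pan_fields(params: dict) -> list:
    """Names of fields whose value contains a Luhn-valid card-like number."""
    hits = []
    for name, value in params.items():
        for m in PAN_CANDIDATE.finditer(str(value)):
            if luhn_ok(re.sub(r"[ -]", "", m.group())):
                hits.append(name)
                break
    return hits

def build_queue_request(phone_number: str, params: dict) -> dict:
    """Build the request body (hypothetical field names); reject card data."""
    bad = find_pan_fields(params)
    if bad:
        raise ValueError(f"cardholder data in outbound request fields: {bad}")
    # is_pci only selects the pool that runs the call once it begins;
    # per the answer above, it does not bring this request body into PCI scope.
    return {"phone_number": phone_number, "is_pci": "1", **params}

# Constructed sample input; 4111 1111 1111 1111 is the widely used test number.
SAFE = {"customer_ref": "ref_8f3a1c"}
UNSAFE = {"customer_ref": "ref_8f3a1c", "note": "card 4111 1111 1111 1111"}

if __name__ == "__main__":
    print(build_queue_request("16175550100", SAFE))
    print(find_pan_fields(UNSAFE))
```

The application then resolves `customer_ref` against your own servers after the call has started, which is the exchange the answer describes as in scope for PCI.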
