The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card numbers (PANs) and other specific card data from the major card schemes, such as Visa or MasterCard. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
ReconHub is not in PCI Scope
ReconHub does not handle complete PANs, related cryptographic material or other PCI-relevant data in connection with PANs and is therefore out of scope of PCI-DSS.
Where ReconHub receives credit card transaction data, PCI relevant data is either not present, or PANs are truncated by the provider of this data, according to their PCI compliance requirements (POS solution providers, payment processors, PSP and other companies processing payment transactions).
In certain cases, ReconHub receives enciphered PANs from POS systems, for example in the case of ep2 transactions, where the enciphered PAN is part of the transaction receipt. In such cases, ReconHub is not in possession or has access to the key material required to decipher the data. The PCI compliance of such enciphered PANs is in the responsibility of the provider of this data. In the ep2 case this is the payment terminal.