iTrustStrongBox @ Facebook
iTrustOffice Mobile Website
iTrustStrongBox @ Myspace
iTrust Blog RSS feed
iTrustStrongBox @ YouTube


iTrust Strongbox
iTrust Support
StrongBox Resources
 • StrongBox FAQ
 • Compatibility
 • Operation Flowchart
 • Tutorial
 • Installation
 • Integration
 • Troubleshooting FAQ
 • StrongBox Manual
 • StrongBox Manual - print
 • StrongBox Medical Manual
 • StrongBox Medical Manual - print
PCI Resources
 • PCI FAQ
 • PCI Compliance Standards
 • PCI Glossery
 • PCI Compliance Guide (pdf)
Webinars
 • Medical Practices
 • StrongBox Webinar
 • Flash Tutorial
Security News
 • Cyber-Crime News
 • Security News
 • iTrust Blog
iTrust StrongBox FAQ
iTrust Home > iTrust Support > StrongBox FAQ
Visited Pages / Sitemap

iTrust StrongBox Frequently Asked Questions

01. Why Use iTrust StrongBox
02. Why use a 3DES DUKPT card reader?
03. Why can’t I store the card information in an encrypted file on my own computer?
04. Can I use the terminal I already have to process cards on file?

Why Use iTrust StrongBox?
iTrust StrongBox is a sophisticated, easy to use card data storage, management and billing system. Using just a few steps, iTrust StrongBox allows you to collect, store, and process card data to bill for present or future amounts in a PCI-compliant, legal manner.

iTrust StrongBox is the most secure product of its kind on the market. Using a 3DES DUKPT encryption magnetic card reader, SSL-protected interface, and multi authentication security. With PCI-certified secured servers and end-to-end data encryption, the iTrust StrongBox security design far exceeds existing PCI-DSS requirements for handling card data.

Why use a 3DES DUKPT card reader?
Card readers used by iTrust StrongBox encrypts the credit card data with thousands of single-use encryption codes. As the data is read from the payment card, encryption at the card reader level prevents malicious software or dishonest employees from stealing sensitive card data.

Card readers used by iTrust StrongBox requires device/host authentication to send data. By utilizing multi-factor authentication and encryption, the iTrust StrongBox reader can only be used with each assigned merchant account and cannot be used to send information to any unauthorized account.

Other card readers leave sensitive card data susceptible to keylogger and other malicious software leaving you with liability for data breaches resulting in the theft of money and identities of your customers.

Why can’t I store the card information in an encrypted file on my own computer?
PCI-DSS does allow merchants to keep sensitive card data on-site, however, there are restrictions as to what kind of data can be kept and how is to be stored. These restrictions require the merchant to render sensitive card data unreadable,and to electronically and physically secure the data. They also must regularly test their security systems, and monitor all access to the network and card data. They must set up and maintain a firewall that restricts the network’s internet access. There are more restrictions.

It is sometimes expensive and time consuming for small businesses to comply with all of the legal and PCI-DSS requirements. Using and storing sensitive cardholder data on your system makes you responsible – and liable - for protecting that data. Fines, termination from card acceptance programs and lost revenue can result from even a small data breach.

Credit Card Secure Storage (C2S2) helps you to protect yourself from security breaches and easily comply with PCI-DSS. C2S2 eliminates your liability from storing sensitive data by keeping cardholder data in our system, not yours. We assume the responsibility and risk of securely storing and protecting sensitive data, you are then free to process payments without the need to store any cardholder data on your system.

iTrust StrongBox

  • PCI Compliance
  • How Our System Works
  • Integration Steps
  • Troubleshooting

    • Can I use the terminal I already have to process cards on file?
    Many offices already lease a point-of-service (POS) terminal to process cards at the time service is rendered. To process payments with stored cardholder data (when the card is not physically present), merchants must enter the 3- or 4- digit card security code (CVV2). Merchants are not allowed to store CVV2 codes. So it is reasonable to use a POS terminal for balance or recurring billing using stored data. To go ahead and process payments as “card present” transactions, without the card actually being present, and thus avoid having to input the CVV2 codes may be considered fraud.




    We Accept:
    VISA MasterCard Elavon Authorize.net American Express
    Home | About | StrongBox Demo | iTrust Online Store | Support | Contact
    ©2010 iTrust Inc. all rights reserved | design by iTrust Web Design | contact webmaster | Terms of Use | Privacy Statement