Your fax environment’s compliance with the Payment Card Industry Data Security Standard can be a major factor in enterprise-wide information security.

Established in 2004, the PCI DSS rules apply to every organization that handles cardholder information for the major card brands, and such organizations routinely handle high volumes of cardholder data. Fax is inherently secure in transmission, but strong fax encryption is needed to keep documents secure once they are at rest on a fax server. The RightFax Encryption Module provides a sophisticated yet highly usable means of keeping faxes secure, and is also fully compliant with:


and other critical standards.

PCI Compliance with the RightFax Encryption Module

Relatively new to the suite of RightFax enhancements, the Encryption Module uses 192-bit Triple DES to bring industry-standard security to any RightFax server license. By using three digital “keys” to consecutively encrypt, decrypt, and re-encrypt fax images, customers can rest assured that confidential data remains safe.

Furthermore, the Encryption Module enhances audit readiness by not only blocking unwanted access, but logging permissible access as well.

PCI DSS Fax Rules

Fax is implicit throughout the PCI standards. However, as of this writing, it is also mentioned directly in two specific places:

  • “The display of full PAN [primary account numbers] on items such as computer screens, payment card receipts, faxes, or paper reports can result in this data being obtained by unauthorized individuals and used fraudulently.” (§3.3, Guidance)

PANs are often truncated for security purposes (to something like ****2468, for example), but full numbers are sometimes still required for processing or other purposes. In these cases, the best option is to restrict fax (and other media) access to authorized parties. With its nuanced security options, RightFax makes this process both straightforward and highly reliable.

  • “Verify that procedures for protecting cardholder data include controls for physically securing all media (including but not limited to computers, removable electronic media, paper receipts, paper reports, and faxes).” (§9.5, Testing Procedures)

The ease of leaving a printed fax in plain sight has made these devices the bane of many compliance departments. And that’s why the best way to “physically secure” a fax machine is simply to remove it! Between the RightFax server which eliminates the physical documents, and the Encryption Module which keeps their digital forms safe, it has never been simpler to address this aspect of PCI compliance.

To minimize your legal risks and maximize the ease of PCI DSS fax compliance, contact the team at Paperless Productivity® today. With years of experience in healthcare, financial services, and other highly regulated industries, we look forward to helping you meet and exceed your regulatory objectives. For a complimentary consultation, please contact us today online or at 888 838-0042.